We introduce a new method for triggering vulnerabilities in deep layers of binary executables and for facilitating their exploitation. Our approach combines dynamic symbolic execution with fuzzing techniques. To maximize both the execution path depth and the degree of freedom in input parameters for exploitation, we define a novel method to assign probabilities to program paths. Based on this probability distribution we apply new path exploration strategies. This facilitates payload generation and therefore vulnerability exploitation.
Böttinger, K., & Eckert, C. (2016). Deepfuzz: Triggering vulnerabilities deeply hidden in binaries. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9721, pp. 25–34). Springer Verlag. https://doi.org/10.1007/978-3-319-40667-1_2