Automatic Exploitation of Fully Randomized Executables
Author(s)
Gadient, Austin; Ortiz, Baltazar; Barrato, Ricardo; Davis, Eli; Perkins, Jeff; Rinard, Martin; ... Show more Show less
Downloadpaper.pdf (648.8Kb)
Terms of use
Metadata
Show full item recordAbstract
We present Marten, a new end to end system for automatically discovering, exploiting, and combining information leakage and buffer overflow vulnerabilities to derandomize and exploit remote, fully randomized processes. Results from two case studies high- light Marten’s ability to generate short, robust ROP chain exploits that bypass address space layout randomization and other modern defenses to download and execute injected code selected by an attacker.
Description
We present an automated system, Marten, that automatically generates control flow hijacking exploits against fully randomized executables by combining information leakage and buffer overflow exploits.
Date issued
2019-06-11Keywords
exploit, Symbolic Execution, taint analysis, information leakage
Collections
The following license files are associated with this item: