| dc.contributor.advisor | Martin C. Rinard. | en_US |
| dc.contributor.author | Gadient, Austin James. | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2020-11-06T21:08:05Z | |
| dc.date.available | 2020-11-06T21:08:05Z | |
| dc.date.copyright | 2019 | en_US |
| dc.date.issued | 2020 | en_US |
| dc.identifier.uri | https://hdl.handle.net/1721.1/128401 | |
| dc.description | This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. | en_US |
| dc.description | Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, February, 2020 | en_US |
| dc.description | Cataloged from student-submitted PDF version of thesis. "February 2020." | en_US |
| dc.description | Includes bibliographical references (pages 73-75). | en_US |
| dc.description.abstract | Despite significant research into their remediation, memory corruption vulnerabilities remain a significant issue today. Attacks created to exploit these vulnerabilities are remarkably brittle due to their dependence on the presence of specific security settings, use of certain compiler toolchains, and the target's environment. I present Marten, a new end-to-end system for automatically discovering, exploiting, and combining information leakage and buffer overflow vulnerabilities to generate exploits that are robust against defenses, compilation decisions, and environment differences. Marten has generated four control flow hijacking exploits and three information leakage exploits. One of the information leakage exploits is generated against a previously undiscovered zero-day vulnerability in Serveez-0.2.2. CVE-2019-16200 has been assigned to this vulnerability. These results highlight Marten's ability to generate robust exploits that bypass modern defenses to download and execute injected code selected by an attacker. | en_US |
| dc.description.statementofresponsibility | by Austin James Gadient. | en_US |
| dc.format.extent | 75 pages | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | MIT theses may be protected by copyright. Please reuse MIT thesis content according to the MIT Libraries Permissions Policy, which is available through the URL provided. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | Automated exploitation of fully randomized executables | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | S.M. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.identifier.oclc | 1203138667 | en_US |
| dc.description.collection | S.M. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science | en_US |
| dspace.imported | 2020-11-06T21:08:04Z | en_US |
| mit.thesis.degree | Master | en_US |
| mit.thesis.department | EECS | en_US |
