This paper presents a fully automated technique to find and trigger Use-After-Free (UAF) vulnerabilities in binary code. The approach combines a static analyzer and a dynamic symbolic execution engine. We also introduce several original heuristics for the dynamic symbolic execution part, speeding up the exploration and making this combination effective in practice. The tool we developed is open-source, and it has been successfully applied to real-world vulnerabilities. As an example, we detail a proof-of-concept exploit triggering a previously unknown vulnerability in JasPer, leading to CVE-2015-5221.
Fault attacks are a major threat requiring to protect applications. We present...
Symbolic execution is widely used to detect vulnerabilities in software. The idea is to symbolically...
Memory corruption is a serious class of software vulnerabilities, which requires careful attention t...
This paper presents a method for exploitable vulnerabilities detection in bina...
Exploitability assessment of vulnerabilities is important for both defenders and attackers....
Over the past 20 years, our society has become increasingly dependent on software. Today, we rely on...
In this paper we present MAYHEM, a new system for automatically finding exploitable bugs i...
Certification through auditing allows to ensure that critical embedded systems...
Security is becoming a major concern in software development, both for software editors, end-users, ...
This article presents the method for purposeful detection of vulnerabilities depending on input data...
Binary code analysis is widely used in many applications, including reverse engineering, software fo...
Our computers, phones, and other smart devices are running a vast and ever increasing amount of soft...
Software vulnerabilities are the root cause of a wide range of attacks. Existing vulnerability scann...