Exploit generation

I am currently responsible for the automatic exploit generation project aimed at heap-based memory corruption vulnerabilities.
The raison d'être of exploit generation systems is to transition from organic to synthetic exploits. The systems are thus hacker-imitating, attacker-mimetic, and feed into orthogonal problems, including:
- bug severity classification and automated defense
- proofs of exploitability and model-immunity
- automatic patch generation (self-healing software)
The techniques used in exploit generation build heavily on existing research into symbolic execution and constraint solving.
To learn more about this project, check out this page.