Experimental Analysis & Refinement of a Guided Exploit Generation Technique for Language Virtual Machines

Abstract: Background: We discussed G E , a semi-automatic exploit generation tool, in our paper at ACSAC 2020. G E generates an exploit script for a given ActionScript vulnerability. Unlike the other exploit generators, G E does not use fuzzing or a symbolic execution; rather, it relies on human expertise to guide it in successfully discovering vulnerable execution paths. This paper augments our ACSAC paper and provides more details on the experiments we conducted. Aim: We sought to show that G E can generate working ex… Show more