2

I'm looking for research on the topic if at all possible or readings about efforts into this.

Drilling down into binaries via fuzzing/fingerprinting for known vulnerable binary patterns and a little boilerplate shellcode to insert into binary when found seems doable.

I envision it working in layered steps.

Look for fingerprints of known vulnerable binary.
  Vulnerable? loop
    Yes: Insert shellcode at vulnerability. Continue searching.
    No:  Fuzz application, use collected errors as fitness rating. 
         If exploitation successful, add to fingerprints, append 
         shellcode, continue searching.

This comes with the assumption of having a binary "DNA database" for vulnerability fingerprinting. Fuzzing errors trying to crash in a specific way that can be exploited, which ranks them in the gene pool. Some crashes are more valuable than others.

5
  • This sort of approach is sometimes hinted at but there's not much open source. I suspect it is done extensively within secret labs, but no-one wants to share their work.
    – paj28
    Commented Sep 4, 2020 at 10:57
  • Shame, not sure what's so secret about it. Hill-climbing/GA approach to an ever improving static binary analysis.
    Commented Sep 4, 2020 at 11:05
  • 1
    Secret because they want to use the exploits against live targets. I've no proof but I expect the NSA and Chinese government have hundreds or even thousands of people working on this.
    – paj28
    Commented Sep 4, 2020 at 11:08
  • Have you searched for such projects/papers?
    Commented Sep 5, 2020 at 14:20
  • I have to the best of my abilities. Not an academic, just a hobbyist. Looking for GA approaches to binary exploitation didn't turn up much.
    Commented Sep 5, 2020 at 16:27
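The fingerprint-then-fuzz loop sketched in the question, as an added toy illustration that is not from the question, the answer or any project: the target, its three crash classes and the fitness table are constructed stand-ins, and the loop only fingerprints and ranks new crashes for triage (the "append shellcode" step is left out).

```python
import hashlib
import random
# Constructed toy target (not a real program): each failure mode stands in for a crash class.
def target(data: bytes) -> int:
    if len(data) > 8 and data[0] == 0x7F:
        raise MemoryError("write past buffer")      # most severe class
    if data[-1:] == b"!":
        raise AssertionError("invariant violated")  # medium severity
    if b"\x00" in data[:4]:
        raise ValueError("bad header")              # handled error, low value
    return sum(data)
# Fitness rating: some crashes are worth more in the gene pool than others.
CRASH_FITNESS = {MemoryError: 3, AssertionError: 2, ValueError: 1}
def fingerprint(exc: BaseException) -> str:
    """Stable crash signature (type + message): the key in the 'DNA database'."""
    return hashlib.sha256(f"{type(exc).__name__}:{exc}".encode()).hexdigest()[:16]
def run_one(data: bytes):
    """Run the target once; return (fitness, fingerprint), or (0, None) if no crash."""
    try:
        target(data)
        return 0, None
    except (MemoryError, AssertionError, ValueError) as exc:
        return CRASH_FITNESS[type(exc)], fingerprint(exc)
def mutate(data: bytearray, rng: random.Random) -> bytearray:
    """One random byte-level mutation: overwrite an existing byte or append one."""
    child = bytearray(data)
    if child and rng.random() < 0.7:
        child[rng.randrange(len(child))] = rng.randrange(256)
    else:
        child.append(rng.randrange(256))
    return child
def fuzz(seed: bytes, rounds: int, known: set, rng_seed: int = 1, population: int = 16):
    """Hill-climb on crash fitness. A crash already in `known` is skipped
    ('Vulnerable? Yes: continue searching'); a new one is added to `known` and
    returned as {fingerprint: (fitness, crashing input)}."""
    rng, found = random.Random(rng_seed), {}
    pool = [bytearray(seed)] * population
    for _ in range(rounds):
        scored = []
        for parent in pool:
            child = mutate(parent, rng)
            fitness, fp = run_one(bytes(child))
            if fp is not None and fp not in known:
                known.add(fp)
                found[fp] = (fitness, bytes(child))
            scored.append((fitness, child))
        scored.sort(key=lambda s: s[0], reverse=True)
        pool = [c for _, c in scored[: population // 2]] * 2  # keep the fittest half
    return found
```

Running `fuzz(b"hello", 40, set())` returns only crashes whose fingerprint was not yet in the database, each reproducible from the stored input; a second run against the same `known` set returns nothing new.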

1 Answer

2

The ACM had a workshop on Artificial Intelligence and Security in 2018 as part of SIGSAC. They published the proceedings here: https://dl.acm.org/doi/proceedings/10.1145/3270101
