A vulnerability automation exploitation method based on symbolic execution

Abstract

With increasing number of software vulnerabilities, the quantity of attacks utilizing malicious samples is also on rise, leading to intensified adversarial competition. In particular, the application of automatic vulnerability mining techniques has resulted in a significant increase in the number of vulnerabilities, but security researchers often do not have enough time to deal with them. This paper proposes a symbol-execution-based automated vulnerability exploitation method, which can achieve automation of vulnerability detection, classification and exploitation. Finally, this paper designs and implements a prototype system for symbol-execution-based automated vulnerability exploitation and verifies its effectiveness through experiments. This research provides security analysts with an in-depth understanding of the types of vulnerabilities and determines methods for vulnerability exploitability, further improving the efficiency of analyzing and fixing vulnerabilities.