
I'm looking for research on the topic if at all possible or readings about efforts into this.

Drilling down into binaries via fuzzing/fingerprinting for known vulnerable binary patterns and a little boilerplate shellcode to insert into binary when found seems doable.

I envision it working in layered steps.

Look for fingerprints of known vulnerable binary.
  Vulnerable? loop
    Yes: Insert shellcode at vulnerability. Continue searching.
    No:  Fuzz application, use collected errors as fitness rating.
         If exploitation successful, add to fingerprints, append
         shellcode, continue searching.

This comes with the assumption of having a binary "DNA database" for vulnerability fingerprinting. Fuzzing errors trying to crash in a specific way that can be exploited, which ranks them in the gene pool. Some crashes are more valuable than others.

  • This sort of approach is sometimes [hinted at](https://www.crn.com/news/security/207401100/hackers-develop-automated-exploits.htm) but there's not much open source. I suspect it is done extensively within secret labs, but no-one wants to share their work. – paj28 Sep 04 '20 at 10:57
  • Shame, not sure what's so secret about it. Hill-climbing/GA approach to an ever improving static binary analysis. – 1fTBmq6q4DEaN2pnY Sep 04 '20 at 11:05
  • Secret because they want to use the exploits against live targets. I've no proof but I expect the NSA and Chinese government have hundreds or even thousands of people working on this. – paj28 Sep 04 '20 at 11:08
  • Have you searched for such projects/papers? – multithr3at3d Sep 05 '20 at 14:20
  • I have to the best of my abilities. Not an academic, just a hobbyist. Looking for GA approaches to binary exploitation didn't turn up much. – 1fTBmq6q4DEaN2pnY Sep 05 '20 at 16:27

1 Answer

The ACM had a workshop on Artificial Intelligence and Security in 2018 as part of SIGSAC. They published the proceedings here: https://dl.acm.org/doi/proceedings/10.1145/3270101

– cmhobbs