CRAX++: Modular Exploit Generator using Dynamic Symbolic Execution

Chinese | In-Person | Vulnerability Analysis | Binary Analysis

In the past, Automatic Exploit Generation (AEG) research was seldom open-sourced. Inspired by AFL++, this research releases an open-source exploit generator, CRAX++.

CRAX is an exploit generator developed by SQLab at National Chiao Tung University. CRAX++ is designed to be an exploit generation framework with a clean architecture that is easy to extend and reproducible, and that can integrate further AEG research in the future. Given an x86_64 Linux ELF and a PoC input, the input drives a specific execution path; the system uses concolic execution to collect the constraints of that path, adds exploit constraints to them, and generates the final exploit script with an SMT solver. Additionally, users can add custom exploitation techniques and analysis modules, maximizing the extensibility of the system.

This session will introduce the architecture and design of CRAX++, discuss the difficulties faced during development, and outline the future of the system.

Marco Wang

  • @aesophor
  • Product Developer @ Synology
  • NYCU SQLab member
  • github.com/aesophor

English interpretations will be provided for all sessions not presented in English.
