| CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)] | 16 Claims |
|
1. A system for automated exploit generation, the system comprising:
a processor; and
a memory associated with the processor having instructions stored thereon that when executed will cause the processor to:
receive input data representative of a target action to establish a target having a potential target vulnerability;
build a simulated or emulated target environment that includes the established target;
conduct an analysis method including one or more of a static, a concrete, a dynamic, or a symbolic analysis of one or more exploitation techniques, the analysis method configured to generate one or more artifacts including one or more behavioral signatures of exploit primitives that translate across different and disparate exploitation techniques;
create a chainable sequence including the one or more artifacts and one or more of an information disclosure, a read, a write, or an execution exploit primitive;
generate an exploit chain that, when executed by the processor in response to the target action, will transform the target action to a target failure within the simulated or emulated target environment and thereby expose the target vulnerability, the exploit chain including the chainable sequence;
execute the exploit chain within the simulated or emulated target environment to examine coverage of the exposed target vulnerability; and
generate an output representative of the exposed target vulnerability.
|