Abstract: A method for determining a binary function entry includes distinguishing a text section and an exception handling section by parsing a binary code, disassembling the text section to determine an address of an end branch instruction, an address of a direct call target, and an address of a direct jump target, determining an indirect return function call address from the addresses of the end branch instructions, determining an exception handling block address from the addresses of the end branch instructions, excluding the indirect return function call address and the exception handling block address from the addresses of the end branch instructions and determining a tail call corresponding to the binary function entry from the addresses of the direct jump targets.

Abstract: Disclosed is a window kernel fuzzing technique utilizing type information obtained through binary static analysis. The method of fuzzing a kernel of a computer operating system performed by a fuzzing system may include the steps of: automatically inferring type information of a system call using a library file provided by the computer operating system; and performing system call fuzzing on the basis of the type information of the system call obtained through the inference.

Abstract: Disclosed is a window kernel fuzzing technique utilizing type information obtained through binary static analysis. The method of fuzzing a kernel of a computer operating system performed by a fuzzing system may include the steps of: automatically inferring type information of a system call using a library file provided by the computer operating system; and performing system call fuzzing on the basis of the type information of the system call obtained through the inference.

Abstract: Disclosed are an apparatus, a method, and a computer program by which it is determined whether a target network program generated in a software defined network is malicious by extracting a feature of a behavior graph of the target network program and applying machine learning to the behavior graph. Accordingly, a security and safety of a software defined network may be improved by detecting whether a computer program is malicious before the malware is installed.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: A system and method for automatically generating exploits, such as exploits for target code, is described. In some implementations, the system received binary code and/or source code of a software applications, finds one or more exploitable bugs within the software application, and automatically generates exploits for the exploitable bugs.

Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.

Abstract: Computer memory access monitoring and error checking systems and processes are disclosed herein. In one embodiment, a computer implemented method includes executing a computer program having a first object in a first memory location and having a value corresponding to a second memory location holding a second object. The method also includes, during a memory read from the second memory location, performing a comparison of a first version of the first memory location and a second version of the second memory location. The method further includes determining if an error exists in the computer program based on the comparison between the first version and the second version.

Abstract: A system and method for automatically generating exploits, such as exploits for target code, is described. In some implementations, the system received binary code and/or source code of a software applications, finds one or more exploitable bugs within the software application, and automatically generates exploits for the exploitable bugs.