, Control-flow integrity principles, implementations, and applications, ACM Transactions on Information and System Security, vol.13, issue.1, pp.1-440, 2009.
DOI : 10.1145/1609956.1609960
, Satisfiability Modulo Theories
DOI : 10.1007/s10817-005-5204-9
URL : https://hal.archives-ouvertes.fr/hal-01095009
, Handbook of Model Checking, 2018.
, Exploiting ROP attacks with a unique instruction. Bachelor's thesis, 2017.
, the single instruction compiler ? Turning 'mov' into a soul-crushing RE nightmare, 2015.
, A Framework for Automated Architecture-Independent Gadget Search, 4th USENIX Workshop on Offensive Technologies, WOOT '10, 2010.
, Agafi (Advanced Gadget Finder), Ekoparty, 2014.
, On Generating Gadget Chains for Return-Oriented Programming
, Analyzing the Gadgets, Engineering Secure Software and Systems, pp.155-172
DOI : 10.1145/2810103.2813673
URL : https://hal.archives-ouvertes.fr/hal-01321480
, Return-oriented programme evolution with ROPER, Proceedings of the Genetic and Evolutionary Computation Conference Companion on , GECCO '17, pp.1447-1454, 2017.
DOI : 10.1145/1315245.1315313
, A Perspective on Information-Flow Control Software Safety and Security -Tools for Analysis and Verification, NATO Science for Peace and Security Series -D : Information and Communication Security, pp.319-347, 2012.
, Christian Heitman. Compilador ROP. In Ekoparty, 2013.
, Christian Heitman. BARFing Gadgets, Ekoparty, 2014.
, SciPy : Open source scientific tools for Python, 2001.
, Der Hammer : x86-64 und das Um-schiffen des NX Bits, 22nd Chaos Communication Congress ? Private Investigations, 2005.
, Aleph One) Smashing the Stack for Fun and Profit, Phrack, vol.7, issue.49, 1996.
, In defense of soundiness, Defense of Soundiness : A Manifesto, pp.44-46, 2015.
DOI : 10.1145/2644805
, The advanced return-into-lib(c) exploits : PaX case study, Phrack, pp.0-0, 2001.
, Reachability Analysis of Program Variables, ACM Trans. Program. Lang. Syst, vol.3514, issue.4, pp.1-1468, 2014.
, Guide to NumPy, 2015.
, Did OptiROP ever get released ? I always solve these constrained ROP problems manually because no good tools exist
, Tavis Ormandy (@taviso). I know about DEPLIB, but it's not really usable. I think I'm just going to have to write the tool I want :( /cc @4dgifts, 2016.
, OptiROP : hunting for ROP gadgets in style, Black Hat USA, 2013.
, Capstone : Next Generation Disassembly Framework, Black Hat USA, 2014.
, Return-Oriented Programming, ACM Transactions on Information and System Security, vol.15, issue.1, pp.1-2, 2012.
DOI : 10.1145/2133375.2133377
, Synesthesia : Automated Generation of Encoding-Restricted Machine Code, Ekoparty, 2016.
, Explicit Secrecy: A Policy for Taint Tracking, 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp.15-30, 2016.
DOI : 10.1109/EuroSP.2016.14
, All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask), 2010 IEEE Symposium on Security and Privacy, pp.317-331, 2010.
DOI : 10.1109/SP.2010.26
, Q : Exploit Hardening Made Easy, Proceedings of the 20th USENIX Conference on Security, pp.25-25, 2011.
, The geometry of innocent flesh on the bone, Proceedings of the 14th ACM conference on Computer and communications security , CCS '07, pp.552-561, 2007.
DOI : 10.1145/1315245.1315313
, SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis, 2016 IEEE Symposium on Security and Privacy (SP), 2016.
DOI : 10.1109/SP.2016.17
, Hanging on a ROPe, Ekoparty, 2010.