Control-flow integrity principles, implementations, and applications, ACM Transactions on Information and System Security, vol.13, issue.1, pp.1-440, 2009.
DOI : 10.1145/1609956.1609960
Satisfiability Modulo Theories
DOI : 10.1007/s10817-005-5204-9
URL : https://hal.archives-ouvertes.fr/hal-01095009
Handbook of Model Checking, 2018.
Exploiting ROP attacks with a unique instruction. Bachelor's thesis, 2017.
the single instruction compiler - Turning 'mov' into a soul-crushing RE nightmare, 2015.
A Framework for Automated Architecture-Independent Gadget Search, 4th USENIX Workshop on Offensive Technologies, WOOT '10, 2010.
Agafi (Advanced Gadget Finder), Ekoparty, 2014.
On Generating Gadget Chains for Return-Oriented Programming
Analyzing the Gadgets, Engineering Secure Software and Systems, pp.155-172
DOI : 10.1145/2810103.2813673
URL : https://hal.archives-ouvertes.fr/hal-01321480
Return-oriented programme evolution with ROPER, Proceedings of the Genetic and Evolutionary Computation Conference Companion, GECCO '17, pp.1447-1454, 2017.
DOI : 10.1145/1315245.1315313
A Perspective on Information-Flow Control, Software Safety and Security - Tools for Analysis and Verification, NATO Science for Peace and Security Series - D: Information and Communication Security, pp.319-347, 2012.
Christian Heitman. Compilador ROP. In Ekoparty, 2013.
Christian Heitman. BARFing Gadgets, Ekoparty, 2014.
SciPy: Open source scientific tools for Python, 2001.
Der Hammer: x86-64 und das Umschiffen des NX Bits, 22nd Chaos Communication Congress - Private Investigations, 2005.
(Aleph One) Smashing the Stack for Fun and Profit, Phrack, vol.7, issue.49, 1996.
In defense of soundiness, Defense of Soundiness: A Manifesto, pp.44-46, 2015.
DOI : 10.1145/2644805
The advanced return-into-lib(c) exploits: PaX case study, Phrack, pp.0-0, 2001.
Reachability Analysis of Program Variables, ACM Trans. Program. Lang. Syst, vol.3514, issue.4, pp.1-1468, 2014.
Guide to NumPy, 2015.
Did OptiROP ever get released? I always solve these constrained ROP problems manually because no good tools exist
Tavis Ormandy (@taviso). I know about DEPLIB, but it's not really usable. I think I'm just going to have to write the tool I want :( /cc @4dgifts, 2016.
OptiROP: hunting for ROP gadgets in style, Black Hat USA, 2013.
Capstone: Next Generation Disassembly Framework, Black Hat USA, 2014.
Return-Oriented Programming, ACM Transactions on Information and System Security, vol.15, issue.1, pp.1-2, 2012.
DOI : 10.1145/2133375.2133377
Synesthesia: Automated Generation of Encoding-Restricted Machine Code, Ekoparty, 2016.
Explicit Secrecy: A Policy for Taint Tracking, 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp.15-30, 2016.
DOI : 10.1109/EuroSP.2016.14
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask), 2010 IEEE Symposium on Security and Privacy, pp.317-331, 2010.
DOI : 10.1109/SP.2010.26
Q: Exploit Hardening Made Easy, Proceedings of the 20th USENIX Conference on Security, pp.25-25, 2011.
The geometry of innocent flesh on the bone, Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, pp.552-561, 2007.
DOI : 10.1145/1315245.1315313
SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis, 2016 IEEE Symposium on Security and Privacy (SP), 2016.
DOI : 10.1109/SP.2016.17
Hanging on a ROPe, Ekoparty, 2010.