Thu, 30 Jan 2020 11:00 Greybox Automatic Exploit Generation for Language Interpreters by Sean Heelan (University of Oxford / Optimyze)

It is just over ten years since the first academic work on Automatic Exploit Generation (AEG). In this talk I will provide a brief history of the topic, and explain the current state of the art and open problems. I will then discuss our most recent work on greybox exploit generation against language interpreters. Language interpreters, such as those for Python, PHP, JavaScript etc., are typically large and complex applications and difficult to analyse using whitebox methods, such as symbolic execution. In this work we have sought to create an entirely greybox pipeline for AEG. To do so we have broken down the exploit generation problem into several subproblems, constructed greybox solutions for each, and chained these solutions together to produce exploits. Our current implementation can produce exploits for the Python and PHP interpreters, and I will outline our ongoing efforts to extend this to JavaScript interpreters.

Speaker Bio:

Sean Heelan is a co-founder/CTO of Optimyze and a PhD candidate at the University of Oxford. In the former role he develops products for increasing the efficiency of large-scale, cloud-based systems, and in the latter he is investigating automated approaches to exploit generation. Previously he ran Persistence Labs, a reverse engineering tooling company, and worked as a Senior Security Researcher at Immunity Inc. At Immunity he led a team under DARPA's Cyber Fast Track programme, investigating hybrid approaches to vulnerability detection using a mix of static and dynamic analyses.

Venue: McCrea 0-04