Automatic Heap Layout Manipulation via #UseSec18

Automatic exploit generation is a concept that has been studied during the last years, focusing mainly on buffer overflows located in the stack. The main objective of these works is generally to develop algorithms that produce control-flow hijacking exploits based

Position-independent Code Reuse via #EuroSP18

A few years ago, one of the most common attacks was to take advantage of a memory corruption error such as a buffer overflow to inject code (usually shellcode) and divert the flow of control to that code. However, with

Web-To-Mobile Vulnerabilities via #SP18

Currently a large number of mobile applications are simple front ends of their corresponding web APIs. Although this is not a danger in itself, it brings with it a very important implication regarding the validation process of data entry: The

Benchmarking Crimes via #arXiv

The evaluation of the prototype that is developed in a scientific work is a very important part of the investigation since it determines if the proposed system fulfills its objectives and how well it does it, which is essential to

Code-reuse attacks for the Web via #CCS17

Cross-site scripting (XSS) vulnerabilities are a fairly recurrent problem on the web even though it was publicly documented in 2000. These attacks allow a malicious actor to completely alien certain web page to inject and execute code not authorized by

Variadic Vulnerabilities Vanquished via #UseSec17

Researchers at Purdue, Politecnico di Milano and California – Irvine universities presented this summer in Usenix Security a work focused on trying to prevent and eradicate vulnerabilities caused by the abuse of variadic functions. A variadic function is one that