{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T15:49:00Z","timestamp":1783439340971,"version":"3.54.6"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031709029","type":"print"},{"value":"9783031709036","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70903-6_7","type":"book-chapter","created":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T22:04:30Z","timestamp":1725487470000},"page":"127-145","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["SAEG: Stateful Automatic Exploit Generation"],"prefix":"10.1007","author":[{"given":"Yifan","family":"Wu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yinshuai","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hong","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yinqian","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,9,5]]},"reference":[{"issue":"2","key":"7_CR1","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1145\/2560217.2560219","volume":"57","author":"T Avgerinos","year":"2014","unstructured":"Avgerinos, T., Cha, S.K., Rebert, A., Schwartz, E.J., Woo, M., Brumley, D.: Automatic exploit generation. Commun. ACM 57(2), 74\u201384 (2014)","journal-title":"Commun. ACM"},{"key":"7_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/978-3-030-99524-9_24","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems - TACAS 2022","author":"H Barbosa","year":"2022","unstructured":"Barbosa, H., et al.: cvc5: A versatile and industrial-strength SMT solver. In: Fisman, D., Rosu, G. (eds.) TACAS 2022. LNCS, vol. 13243, pp. 415\u2013442. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-99524-9_24"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Brumley, D., Poosankam, P., Song, D., Zheng, J.: Automatic patch-based exploit generation is possible: techniques and implications. In: 2008 IEEE Symposium on Security and Privacy (SP 2008), pp. 143\u2013157. IEEE (2008)","DOI":"10.1109\/SP.2008.17"},{"key":"7_CR4","unstructured":"Cadar, C., Dunbar, D., Engler, D.R., et\u00a0al.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, vol.\u00a08, pp. 209\u2013224 (2008)"},{"key":"7_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/978-3-540-78800-3_24","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"L de Moura","year":"2008","unstructured":"de Moura, L., Bj\u00f8rner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337\u2013340. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78800-3_24"},{"key":"7_CR6","unstructured":"Fioraldi, A., Maier, D., Ei\u00dffeldt, H., Heuse, M.: $$\\{$$AFL++$$\\}$$: Combining incremental steps of fuzzing research. In: 14th USENIX Workshop on Offensive Technologies (WOOT 20) (2020)"},{"key":"7_CR7","unstructured":"Google: Syzkaller: an unsupervised coverage-guided kernel fuzzer (2006). github.com\/google\/syzkaller. Accessed 22 Dec 2023"},{"key":"7_CR8","unstructured":"Guilfanov, I.: F.l.i.r.t: Fast library identification and recognition technology (1997). hex-rays.com\/products\/ida\/tech\/flirt. Accessed 22 Dec 2023"},{"issue":"13","key":"7_CR9","doi-asserted-by":"publisher","first-page":"6593","DOI":"10.3390\/app12136593","volume":"12","author":"H Huang","year":"2022","unstructured":"Huang, H., Lu, Y., Pan, Z., Zhu, K., Yu, L., Zhang, L.: ExpGen: a 2-step vulnerability exploitability evaluation solution for binary programs under ASLR environment. Appl. Sci. 12(13), 6593 (2022)","journal-title":"Appl. Sci."},{"issue":"23","key":"7_CR10","doi-asserted-by":"publisher","first-page":"12556","DOI":"10.3390\/app132312556","volume":"13","author":"H Huang","year":"2023","unstructured":"Huang, H., Lu, Y., Zhu, K., Zhao, J.: CanaryExp: a canary-sensitive automatic exploitability evaluation solution for vulnerabilities in binary programs. Appl. Sci. 13(23), 12556 (2023)","journal-title":"Appl. Sci."},{"key":"7_CR11","unstructured":"Jha, S., Sheyner, O., Wing, J.: Two formal analyses of attack graphs. In: Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15, pp. 49\u201363. IEEE (2002)"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Liu, D., et al.: PanGR: a behavior-based automatic vulnerability detection and exploitation framework. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), pp. 705\u2013712. IEEE (2018)","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00103"},{"key":"7_CR13","unstructured":"MITRE: Cve-cwe-121: Stack-based buffer overflow (2006). cwe.mitre.org\/data\/definitions\/121. Accessed 22 Dec 2023"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Mow, W.L., Huang, S.K., Hsiao, H.C.: Laeg: leak-based AEG using dynamic binary analysis to defeat ASLR. In: 2022 IEEE Conference on Dependable and Secure Computing (DSC), pp.\u00a01\u20138. IEEE (2022)","DOI":"10.1109\/DSC54232.2022.9888796"},{"key":"7_CR15","unstructured":"NIST: Realtek jungle SDK remote code execution vulnerability (2021). nvd.nist.gov\/vuln\/detail\/cve-2021-35394. Accessed 22 Dec 2023"},{"key":"7_CR16","unstructured":"NIST: Apache spark command injection vulnerability (2022). nvd.nist.gov\/vuln\/detail\/cve-2022-33891. Accessed 22 Dec 2023"},{"key":"7_CR17","unstructured":"radareorg: Radare2 (2023). github.com\/radareorg\/radare2. Accessed 22 Dec 2023"},{"key":"7_CR18","unstructured":"Roberts, C.: Zeratool: automatic exploit generation (AEG) and remote flag capture for exploitable CTF problems (2023). https:\/\/github.com\/ChrisTheCoolHut\/Zeratool. Accessed 22 Dec 2023"},{"key":"7_CR19","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: $$\\{$$AddressSanitizer$$\\}$$: A fast address sanity checker. In: 2012 USENIX annual technical conference (USENIX ATC 12), pp. 309\u2013318 (2012)"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 552\u2013561 (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"7_CR21","unstructured":"Thanassis, H.A., Kil, C.S., David, B.: AEG: automatic exploit generation. In: Ser. Network and Distributed System Security Symposium (2011)"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Wang, F., Shoshitaishvili, Y.: ANGR - the next generation of binary analysis. In: 2017 IEEE Cybersecurity Development (SecDev), pp.\u00a08\u20139. IEEE (2017)","DOI":"10.1109\/SecDev.2017.14"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Wang, Y., et al.: Revery: from proof-of-concept to exploitable. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1914\u20131927 (2018)","DOI":"10.1145\/3243734.3243847"},{"key":"7_CR24","unstructured":"Wang, Y., Zhang, C., Zhao, Z., Zhang, B., Gong, X., Zou, W.: $$\\{$$MAZE$$\\}$$: towards automated heap Feng Shui. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 1647\u20131664 (2021)"},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Xie, T., Zhang, Y., Li, J., Liu, H., Gu, D.: New exploit methods against ptmalloc of glibc. In: 2016 IEEE Trustcom\/BigDataSE\/ISPA, pp. 646\u2013653. IEEE (2016)","DOI":"10.1109\/TrustCom.2016.0121"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Xu, D., Chen, K., Lin, M., Lin, C., Wang, X.: AutoPWN: artifact-assisted heap exploit generation for CTF PWN competitions. IEEE Trans. Inf. Forensics Secur. (2023)","DOI":"10.1109\/TIFS.2023.3322319"},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Xu, S., Wang, Y.: Bofaeg: automated stack buffer overflow vulnerability detection and exploit generation based on symbolic execution and dynamic analysis. Secur. Commun. Netw. 2022 (2022)","DOI":"10.1155\/2022\/1251987"},{"key":"7_CR28","unstructured":"Yang, S., Chen, K., Wang, Z., Zhang, C.: Exploit-oriented automated information leakage. Int. J. Sustain. Dev. Plan. 17(5) (2022)"},{"key":"7_CR29","unstructured":"Yun, I., Kapil, D., Kim, T.: Automatic techniques to systematically discover new heap exploitation primitives. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1111\u20131128 (2020)"},{"key":"7_CR30","unstructured":"Zalewski, M.: American fuzzy lop (2006). lcamtuf.coredump.cx\/afl. Accessed 22 Dec 2023"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70903-6_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T22:06:11Z","timestamp":1725487571000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70903-6_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031709029","9783031709036"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70903-6_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"5 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}