{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:24:46Z","timestamp":1775665486107,"version":"3.50.1"},"reference-count":70,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T00:00:00Z","timestamp":1755043200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T00:00:00Z","timestamp":1755043200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Automatic exploit generation (AEG) refers to the process of automatically finding the path in the program that can trigger vulnerabilities and generate exploits. Typically, the process of finding vulnerabilities requires fuzzing and symbolic execution techniques. The existing AEG usually sets the preset environment ideally, which does not enable all protection mechanisms. This environment is not universally applicable in actual attacks. In the newest version of GCC, the default compilation configuration has enabled all protection mechanisms. In response to this situation, we propose an exploit generation system Protection Bypass Automatic Exploit Generator (PBAEG) which automatically detects some types of stack overflow vulnerabilities and format string vulnerabilities. Then PBAEG combines the above two vulnerabilities to generate exploits. PBAEG uses symbolic execution and dynamic binary analysis to find the above two vulnerabilities, adopts different exploit generation strategies for different protection mechanisms, and defeats Non-Executable, Position-Independent Executable, Canary, and Address Space Layout Randomization (ASLR) protection mechanisms. At the same time, for some difficult-to-exploit situations, advanced stack overflow exploitation methods are applied to generate exploits. Finally, we also use docker to simulate the remote environment to test the ability of PBAEG to attack the remote environment. Experiments show that PBAEG can complete the vulnerability detection and exploitation generation of 124 binary files, 22 capture-the-flag binary files, and 10 public software, which takes a shorter time than the existing AEG and covers more types of vulnerabilities. PBAEG adopts more vulnerability exploitation techniques, can generate exploits in the form of files by using pwntools, and successfully verifies the exploitations generated in the remote simulation environment.<\/jats:p>","DOI":"10.1186\/s42400-024-00322-9","type":"journal-article","created":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T01:02:28Z","timestamp":1755046948000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Pbaeg: combine-vulnerabilities AEG to defeat protection mechanisms"],"prefix":"10.1186","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-3482-817X","authenticated-orcid":false,"given":"Yu","family":"Wang","sequence":"first","affiliation":[]},{"given":"Zhoujun","family":"Li","sequence":"additional","affiliation":[]},{"given":"Yipeng","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,13]]},"reference":[{"key":"322_CR1","unstructured":"Address space layout randomization (2023). https:\/\/en.wikipedia.org\/wiki\/Address_space_layout_randomization"},{"key":"322_CR2","unstructured":"Advanced return-into-lib(c) exploits. http:\/\/phrack.org\/issues\/58\/4.html"},{"issue":"6","key":"322_CR3","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1145\/2927924","volume":"59","author":"T Avgerinos","year":"2016","unstructured":"Avgerinos T, Rebert A, Cha SK (2016) Brumley D enhancing symbolic execution with veritesting. Commun ACM 59(6):93\u2013100","journal-title":"Commun ACM"},{"key":"322_CR4","doi-asserted-by":"crossref","unstructured":"Bao T, Wang R, Shoshitaishvili Y, Brumley D (2017) Your exploit is mine: Automatic shellcode transplant for remote exploits. In 2017 IEEE Symposium on Security and Privacy (SP), pages 824\u2013839. IEEE","DOI":"10.1109\/SP.2017.67"},{"key":"322_CR5","doi-asserted-by":"crossref","unstructured":"Boonstoppel P, Cadar C, Engle DR (2008) Rwset: Attacking path explosion in constraint-based test generation. In C.\u00a0R. Ramakrishnan and Jakob Rehof, editors, Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings, volume 4963 of Lecture Notes in Computer Science, pages 351\u2013366. Springer, 2008","DOI":"10.1007\/978-3-540-78800-3_27"},{"key":"322_CR6","unstructured":"Buffer overflow protection (2023). https:\/\/en.wikipedia.org\/wiki\/Buffer_overflow _protection"},{"key":"322_CR7","doi-asserted-by":"crossref","unstructured":"Cha SK, Avgerinos T, Rebert A, Brumley D (2012) Unleashing mayhem on binary code. In IEEE Symposium on Security and Privacy, SP 2012, 21-23 May 2012, San Francisco, California, USA, pages 380\u2013394. IEEE Computer Society","DOI":"10.1109\/SP.2012.31"},{"key":"322_CR8","unstructured":"Crax++ (2022). https:\/\/github.com\/SQLab\/CRAXplusplus"},{"key":"322_CR65","unstructured":"ctftime (2023). https:\/\/ctftime.org\/"},{"key":"322_CR9","unstructured":"DAPRA Cyber Grand Challenge (CGC). https:\/\/www.darpa.mil\/program\/cyber-grand-challenge"},{"issue":"23","key":"322_CR10","doi-asserted-by":"publisher","first-page":"11925","DOI":"10.3390\/app122311925","volume":"12","author":"L Danjun","year":"2022","unstructured":"Danjun L, Wang P, Zhou X, Wang B (2022) Erace: toward facilitating exploit generation for kernel race vulnerabilities. Appl Sci 12(23):11925","journal-title":"Appl Sci"},{"key":"322_CR66","unstructured":"defcon (2019). https:\/\/defcon.org\/"},{"key":"322_CR11","unstructured":"Defcon-2019-speedrun-binary (2019). https:\/\/github.com\/dlehgus1023\/DEFCON-2019-Speedrun-binary"},{"key":"322_CR12","doi-asserted-by":"crossref","unstructured":"Dixit S, Geethna TK, Jayaraman S, Pavithran V (2021) Angerza: automated exploit generation. In 12th International Conference on Computing Communication and Networking Technologies, ICCCNT 2021, Kharagpur, India, July 6-8, 2021, pages 1\u20136. IEEE, 2021","DOI":"10.1109\/ICCCNT51525.2021.9579959"},{"key":"322_CR67","unstructured":"exploit database (2023). https:\/\/www.exploit-db.com\/"},{"key":"322_CR13","unstructured":"Executable space protection (2023). https:\/\/en.wikipedia.org\/wiki\/Executable_space_protection"},{"key":"322_CR14","doi-asserted-by":"crossref","unstructured":"Fang H, Fen W, Fu M (2018) An automatic exploit generation method based on symbolic execution. In 2018 Eighth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC), pages 437\u2013440. IEEE","DOI":"10.1109\/IMCCC.2018.00098"},{"key":"322_CR15","doi-asserted-by":"crossref","unstructured":"Feng Z, Guo D, Tang D, Duan N, Feng X, Gong M, Shou L, Qin B, Liu T, Jiang D, Zhou M (2020) Codebert: A pre-trained model for programming and natural languages. In Trevor Cohn, Yulan He, and Yang Liu, editors, Findings of the Association for Computational Linguistics: EMNLP 2020, Online Event, 16-20 November 2020, volume EMNLP 2020 of Findings of ACL, pages 1536\u20131547. Association for Computational Linguistics","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"322_CR16","unstructured":"Fioraldi A, Maier DC, Ei\u00dffeldt H, Heuse M (2020) AFL++ : Combining incremental steps of fuzzing research. In Yuval Yarom and Sarah Zennou, editors, 14th USENIX Workshop on Offensive Technologies, WOOT 2020, August 11, 2020. USENIX Association"},{"key":"322_CR17","unstructured":"Flatem A (2019) An analysis of return-oriented programming. Master\u2019s thesis"},{"key":"322_CR18","unstructured":"Flirt signature file (2023). https:\/\/www.hex-rays.com\/products\/ida\/support\/idadoc\/436.shtml"},{"key":"322_CR19","unstructured":"Fortify_source (2013). https:\/\/stackoverflow.com\/tags\/fortify-source\/info"},{"key":"322_CR20","unstructured":"Fortify_source_patch (2004). https:\/\/gcc.gnu.org\/legacy-ml\/gcc-patches\/2004-09\/msg02055.html"},{"key":"322_CR21","doi-asserted-by":"crossref","unstructured":"Ge X, Talele N, Payer M, Jaeger T (2016) Fine-grained control-flow integrity for kernel software. In 2016 IEEE European Symposium on Security and Privacy (EuroS &P), pages 179\u2013194. IEEE","DOI":"10.1109\/EuroSP.2016.24"},{"key":"322_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2022.111577","volume":"197","author":"Yu Guang Yang","year":"2023","unstructured":"Guang Yang Yu, Zhou Xiang Chen, Zhang Xiangyu, Han Tingting, Chen Taolue (2023) Exploitgen: template-augmented exploit code generation based on codebert. J Syst Softw 197:111577","journal-title":"J Syst Softw"},{"key":"322_CR23","unstructured":"Hardening ELF binaries using Relocation Read-Only (RELRO) (2019). https:\/\/www.redhat.com\/en\/blog\/hardening-elf-binaries-using-relocation-read-only-relro"},{"key":"322_CR24","unstructured":"Hooking. https:\/\/en.wikipedia.org\/wiki\/Hooking"},{"key":"322_CR25","unstructured":"Hu H, Chua ZL, Adrian S, Saxena P, Liang Z (2015) Automatic generation of data-oriented exploits. In Jaeyeon Jung and Thorsten Holz, editors, 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015, pages 177\u2013192. USENIX Association"},{"key":"322_CR26","doi-asserted-by":"crossref","unstructured":"Hu H, Shinde S, Adrian S, Chua ZL, Saxena P, Liang Z (2016) Data-oriented programming: On the expressiveness of non-control data attacks. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pages 969\u2013986. IEEE Computer Society","DOI":"10.1109\/SP.2016.62"},{"issue":"13","key":"322_CR27","doi-asserted-by":"publisher","first-page":"6593","DOI":"10.3390\/app12136593","volume":"12","author":"Hui Huang","year":"2022","unstructured":"Huang Hui, Yuliang Lu, Pan Zulie, Kailong Zhu LuYu, Zhang Liqun (2022) Expgen: a 2-step vulnerability exploitability evaluation solution for binary programs under ASLR environment. Appl Sci 12(13):6593","journal-title":"Appl Sci"},{"key":"322_CR28","doi-asserted-by":"crossref","unstructured":"Huang SK, Huang MH, Huang PY, Lai CW, Lu HL, Leong WM (2012) CRAX: software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations. In Sixth International Conference on Software Security and Reliability, SERE 2012, Gaithersburg, Maryland, USA, 20-22 June , pages 78\u201387. IEEE","DOI":"10.1109\/SERE.2012.20"},{"key":"322_CR29","doi-asserted-by":"crossref","unstructured":"Ispoglou KK, AlBassam B, Jaeger T, Payer M (2018) Block oriented programming: Automating data-only attacks. CoRR, abs\/1805.04767","DOI":"10.1145\/3243734.3243739"},{"key":"322_CR30","doi-asserted-by":"crossref","unstructured":"Ji T, Wu Y, Wang C, Zhang X, Wang Z (2018) The coming era of alphahacking?: A survey of automatic software vulnerability detection, exploitation and patching techniques. In Third IEEE International Conference on Data Science in Cyberspace, DSC 2018, Guangzhou, China, June 18-21, 2018, pages 53\u201360. IEEE","DOI":"10.1109\/DSC.2018.00017"},{"key":"322_CR31","doi-asserted-by":"crossref","unstructured":"Jiang Z, Zhang Y, Xu J, Sun X, Liu Z, Yang M (2022) Aem: Facilitating cross-version exploitability assessment of linux kernel vulnerabilities. In 2023 IEEE Symposium on Security and Privacy (SP), pages 588\u2013603. IEEE Computer Society","DOI":"10.1109\/SP46215.2023.10179305"},{"issue":"1","key":"322_CR32","doi-asserted-by":"publisher","first-page":"650","DOI":"10.1109\/TDSC.2022.3141396","volume":"20","author":"Ling Jin","year":"2023","unstructured":"Jin Ling, Cao Yinzhi, Chen Yan, Zhang Di, Campanoni Simone (2023) Exgen: cross-platform, automated exploit generation for smart contract vulnerabilities. IEEE Trans Depend Secur Comput 20(1):650\u2013664","journal-title":"IEEE Trans Depend Secur Comput"},{"key":"322_CR33","doi-asserted-by":"crossref","unstructured":"Jonathan Metzman, L\u00e1szl\u00f3 Szekeres, Laurent Simon, Read Sprabery, and Abhishek Arya (2021) Fuzzbench: an open fuzzer benchmarking platform and service. In Diomidis Spinellis, Georgios Gousios, Marsha Chechik, and Massimiliano\u00a0Di Penta, editors, ESEC\/FSE \u201921: 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Athens, Greece, August 23-28, 2021, pages 1393\u20131403. ACM, 2021","DOI":"10.1145\/3468264.3473932"},{"key":"322_CR34","doi-asserted-by":"crossref","unstructured":"Leonardo\u00a0Mendon\u00e7a de\u00a0Moura and Nikolaj\u00a0S. Bj\u00f8rner. Z3: an efficient SMT solver. In C.\u00a0R. Ramakrishnan and Jakob Rehof, editors, Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings, volume 4963 of Lecture Notes in Computer Science, pages 337\u2013340. Springer, 2008","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"322_CR35","doi-asserted-by":"crossref","unstructured":"Li Z, Zou D, Xu S, Ou X, Jin H, Wang S, Deng Z, Zhong Y (2018) Vuldeepecker: A deep learning-based system for vulnerability detection. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018. The Internet Society","DOI":"10.14722\/ndss.2018.23158"},{"issue":"1","key":"322_CR36","first-page":"30","volume":"29","author":"Pietro Liguori","year":"2022","unstructured":"Liguori Pietro, Al-Hossami Erfan, Cotroneo Domenico, Natella Roberto, Cukic Bojan, Shaikh Samira (2022) Can we generate shellcodes via natural language? an empirical study. AutomSoftw Eng 29(1):30","journal-title":"AutomSoftw Eng"},{"key":"322_CR37","doi-asserted-by":"crossref","unstructured":"Liguori P, Al-Hossami E, Orbinato V, Natella R, Shaikh S, Cotroneo D, Cukic B (2021) EVIL: exploiting software via natural language. In Zhi Jin, Xuandong Li, Jianwen Xiang, Leonardo Mariani, Ting Liu, Xiao Yu, and Nahgmeh Ivaki, editors, 32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021, Wuhan, China, October 25-28, 2021, pages 321\u2013332. IEEE","DOI":"10.1109\/ISSRE52982.2021.00042"},{"key":"322_CR38","doi-asserted-by":"crossref","unstructured":"Liu Z, Wang Z, Zhang Y, Liu T, Fang B, Pang Z (2022) Automated crash analysis and exploit generation with extendable exploit model. In 7th IEEE International Conference on Data Science in Cyberspace, DSC 2022, Guilin, China, July 11-13, 2022, pages 71\u201378. IEEE","DOI":"10.1109\/DSC55868.2022.00017"},{"key":"322_CR39","unstructured":"Marco-Gisbert H , Ripoll I (2018) Return-to-csu: a new method to bypass 64-bit linux aslr. In Black Hat Asia 2018"},{"key":"322_CR40","doi-asserted-by":"crossref","unstructured":"Mow WL, Huang SK, Hsiao HC (2022) LAEG: leak-based AEG using dynamic binary analysis to defeat ASLR. In IEEE Conference on Dependable and Secure Computing, DSC 2022, Edinburgh, UK, June 22-24, 2022, pages 1\u20138. IEEE","DOI":"10.1109\/DSC54232.2022.9888796"},{"key":"322_CR41","unstructured":"Newsham T (2000) Format string attacks"},{"key":"322_CR42","unstructured":"Park S, Kim D, Jana S, Son S (2022) FUGIO: automatic exploit generation for PHP object injection vulnerabilities. In Kevin R.\u00a0B. Butler and Kurt Thomas, editors, 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, pages 197\u2013214. USENIX Association"},{"key":"322_CR43","doi-asserted-by":"crossref","unstructured":"Perl H, Dechand S, Smith M, Arp D, Yamaguchi F, Rieck K, Fahl S, Acar Y (2015) Vccfinder: Finding potential vulnerabilities in open-source projects to assist code audits. In Indrajit Ray, Ninghui Li, and Christopher Kruegel, editors, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015, pages 426\u2013437. ACM","DOI":"10.1145\/2810103.2813604"},{"key":"322_CR68","unstructured":"pwntools (2023). https:\/\/github.com\/Gallopsled\/pwntools"},{"key":"322_CR44","unstructured":"Position-independent code (2023). https:\/\/en.wikipedia.org\/wiki\/Position-independent_code"},{"key":"322_CR69","unstructured":"radare2 (2023). https:\/\/github.com\/radareorg\/radare2"},{"key":"322_CR70","unstructured":"radare2 sdb file (2023). https:\/\/book.rada.re\/basic_commands\/sdb.html"},{"key":"322_CR45","doi-asserted-by":"crossref","unstructured":"Roberto Baldoni, Emilio Coppa, Daniele\u00a0Cono D\u2019Elia, Camil Demetrescu, and Irene Finocchi. A survey of symbolic execution techniques. ACM Comput Surv, 51(3):50:1\u201350:39, 2018","DOI":"10.1145\/3182657"},{"key":"322_CR46","unstructured":"Ropgadget (2023). https:\/\/github.com\/JonathanSalwan\/ROPgadget"},{"key":"322_CR47","unstructured":"Schwartz EJ, Avgerinos T, Brumley D (2011) Q: exploit hardening made easy. In 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-12, 2011, Proceedings. USENIX Association"},{"issue":"2","key":"322_CR48","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1109\/MSP.2018.1870858","volume":"16","author":"Yan Shoshitaishvili","year":"2018","unstructured":"Shoshitaishvili Yan, Bianchi Antonio, Borgolte Kevin, Cama Amat, Corbetta Jacopo, Disperati Francesco, Dutcher Andrew, Grosen John, Grosen Paul, Machiry Aravind, Salls Christopher, Stephens Nick, Wang Ruoyu, Vigna Giovanni (2018) Mechanical phish: resilient autonomous hacking. IEEE Secur Priv 16(2):12\u201322","journal-title":"IEEE Secur Priv"},{"key":"322_CR49","unstructured":"Shoshitaishvili Y (2017) Building a Base for Cyber-autonomy. PhD thesis, University of California, Santa Barbara, USA"},{"key":"322_CR50","unstructured":"Smashing the stack for fun and profit. https:\/\/inst.eecs.berkeley.edu\/~cs161\/fa08\/papers\/stack_smashing.pdf"},{"key":"322_CR51","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102995","volume":"124","author":"Ruipeng Wang","year":"2023","unstructured":"Wang Ruipeng, Chen Kaixiang, Pan Zulie, Li Yuwei, Li Qianyu, Li Yang, Zhang Min, Zhang Chao (2023) Tunter: assessing exploitability of vulnerabilities with taint-guided exploitable states exploration. Comput Secur 124:102995","journal-title":"Comput Secur"},{"issue":"20","key":"322_CR52","doi-asserted-by":"publisher","first-page":"9727","DOI":"10.3390\/app11209727","volume":"11","author":"Ruipeng Wang","year":"2021","unstructured":"Wang Ruipeng, Pan Zulie, Shi Fan, Zhang Min (2021) Aemb: an automated exploit mitigation bypassing solution. Appl Sci 11(20):9727","journal-title":"Appl Sci"},{"key":"322_CR53","doi-asserted-by":"crossref","unstructured":"Wang F, Shoshitaishvili Y (2017) Angr - the next generation of binary analysis. In IEEE Cybersecurity Development, SecDev 2017, Cambridge, MA, USA, September 24-26, 2017, pages 8\u20139. IEEE Computer Society","DOI":"10.1109\/SecDev.2017.14"},{"key":"322_CR54","doi-asserted-by":"crossref","unstructured":"Wang M, Su P, Li Q, Ying L, Yang Y, Feng D (2013) Automatic polymorphic exploit generation for software vulnerabilities. In Tanveer\u00a0A. Zia, Albert\u00a0Y. Zomaya, Vijay Varadharajan, and Zhuoqing\u00a0Morley Mao, editors, Security and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers, volume 127 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pages 216\u2013233. Springer","DOI":"10.1007\/978-3-319-04283-1_14"},{"key":"322_CR55","unstructured":"Wang Y, Zhang C, Zhao Z, Zhang B, Gong X, Zou W (2021) MAZE: towards automated heap feng shui. In Michael Bailey and Rachel Greenstadt, editors, 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, pages 1647\u20131664. USENIX Association"},{"key":"322_CR56","doi-asserted-by":"crossref","unstructured":"Xu L, Jia W, Dong W, Li Y (2018) Automatic exploit generation for buffer overflow vulnerabilities. In 2018 IEEE International Conference on Software Quality, Reliability and Security Companion, QRS Companion 2018, Lisbon, Portugal, July 16-20, 2018, pages 463\u2013468. IEEE","DOI":"10.1109\/QRS-C.2018.00085"},{"key":"322_CR57","doi-asserted-by":"crossref","unstructured":"Xu S, Wang Y (2022) Bofaeg: automated stack buffer overflow vulnerability detection and exploit generation based on symbolic execution and dynamic analysis. Security and Communication Networks","DOI":"10.1155\/2022\/1251987"},{"key":"322_CR58","doi-asserted-by":"crossref","unstructured":"Yamaguchi F, Golde N, Arp D, Rieck K (2014) Modeling and discovering vulnerabilities with code property graphs. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014, pages 590\u2013604. IEEE Computer Society","DOI":"10.1109\/SP.2014.44"},{"key":"322_CR59","doi-asserted-by":"crossref","unstructured":"Yang G, Chen X, Zhou Y, Yu C (2022) Dualsc: automatic generation and summarization of shellcode via transformer and dual learning. In IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2022, Honolulu, HI, USA, March 15-18, 2022, pages 361\u2013372. IEEE","DOI":"10.1109\/SANER53432.2022.00052"},{"key":"322_CR60","doi-asserted-by":"crossref","unstructured":"You W, Zong P, Chen K, Wang X, Liao X, Bian P, Liang B (2017) Semfuzz: Semantics-based automatic generation of proof-of-concept exploits. In Bhavani Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, pages 2139\u20132154. ACM","DOI":"10.1145\/3133956.3134085"},{"key":"322_CR61","unstructured":"Zeratool (2022). https:\/\/github.com\/ChrisTheCoolHut\/Zeratool"},{"key":"322_CR62","doi-asserted-by":"crossref","unstructured":"Zhang B, Deng F Tetris (2022) Automatic UAF exploit generation by manipulating layout based on reactivated paths. In 23rd ACIS International Summer Virtual Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing, SNPD 2022 - Summer, Kyoto City, Japan, July 4-7, 2022, pages 1\u20138. IEEE","DOI":"10.1109\/SNPD-Summer57817.2022.00010"},{"key":"322_CR63","unstructured":"Zhao B, Li Z, Qin S, Ma Z, Yuan M, Zhu W, Tian Z, Zhang C (2022) Statefuzz: System call-based state-aware linux driver fuzzing. In Kevin R.\u00a0B. Butler and Kurt Thomas, editors, 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, pages 3273\u20133289. USENIX Association"},{"key":"322_CR64","unstructured":"Zheng Y, Davanian A, Yin H, Song C, Zhu H, Sun L (2019) FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation. In Nadia Heninger and Patrick Traynor, editors, 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, pages 1099\u20131114. USENIX Association"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00322-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00322-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00322-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T01:02:52Z","timestamp":1755046972000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00322-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,13]]},"references-count":70,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["322"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00322-9","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,13]]},"assertion":[{"value":"20 December 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 June 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 August 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"53"}}