Description:

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only! Grab it Watch a conference talk from USENIX Security '24 exploring Einstein, an innovative data-only attack exploitation pipeline. Learn how researchers from Vrije Universiteit Amsterdam developed a lightweight approach to identify and exploit vulnerabilities in system calls, moving beyond traditional control-flow hijacking methods. Discover how Einstein employs dynamic taint analysis policies to scan for vulnerable syscall chains and generate exploits from unmodified attacker data. Examine the tool's effectiveness through a case study of nginx, where it generated 944 exploits and successfully bypassed modern security mitigations. Gain insights into practical attack generation techniques that address real-world attacker goals without relying on complex symbolic execution or manual gadget chaining.

Practical Data-Only Attack Generation Using Einstein - A Dynamic Taint Analysis Approach

USENIX

Add to list

#Information Security (InfoSec) #Cybersecurity #Programming #Web Development #Nginx #Computer Security #Computer Science #Operating Systems #System Calls #Vulnerability Analysis #Control-Flow Integrity

Practical Data-Only Attack Generation Using Einstein - A Dynamic Taint Analysis Approach

USENIX Security '24 - Practical Data-Only Attack Generation