摘要
目前已有的漏洞利用平台支持的二进制漏洞种类不多,并且这些平台的灵活性和开发效率较低,缺少专门针对二进制漏洞利用工具的研发和生成系统。为此,提出一种新的二进制漏洞利用工具自动化生成框架。把漏洞利用过程模块化,通过多种模块组合的方式快速灵活地进行漏洞利用工具的研发和自动化生成。针对每个模块的不同特点,采用不同的设计方案,以实现更短的开发周期和更高的开发效率。实验结果表明,该框架简单易用,具有较高的灵活性和扩展性。
At present, the number of binary vulnerabilities supported by existing vulnerability utilization platforms is not much,and the flexibility and development efficiency of these platforms is low. There are few utilization tool R & D and generation systems specifically for binary vulnerabilities. Therefore, this paper presents a new automatic generation framework for binary vulnerability exploit tool. The framework modularizes the exploit process. The development and automation of vulnerability utilization tools are quickly and flexibly generated through a variety of modular combinations. According to the different characteristics of each module,different design is used to achieve a shorter development cycle and higher development efficiency. Experimental results show that the framework is simple and easy to use, with high flexibility and extensibility.
出处
《计算机工程》
CAS
CSCD
北大核心
2018年第3期127-131,共5页
Computer Engineering
关键词
漏洞利用
二进制漏洞
模块化
shellcode模块
研发框架
vulnerability utilization
binary vulnerability
modularization
shellcode module
development framework
