Cyber Daily Report

Blog Post

Home Post

Automatic Exploit Generation (AEG): The Future of Cybersecurity Automation

  • Mohammad Jafari Dehkordi
  • published date: 2025-03-05 08:33:49

In the world of cybersecurity, staying ahead of vulnerabilities is a constant challenge. Automatic Exploit Generation (AEG) is an innovative technology that automates the discovery of software vulnerabilities and the creation of exploits to demonstrate their impact. In this blog post, we will explore what AEG is, how it works, the tools behind it, and the challenges that remain in perfecting this technology.

What is Automatic Exploit Generation (AEG)? 

Imagine a tool that can automatically find weaknesses in software and then craft exploits to prove how those weaknesses can be exploited. That is exactly what AEG does! It combines techniques such as symbolic execution, fuzzing, and machine learning to: 

  1. Identify vulnerabilities: Such as buffer overflows, use-after-free bugs, or memory corruption issues. 

  1. Generate exploits: Create working exploits to demonstrate the impact of the vulnerability. 

  1. Provide actionable insights: Help developers to patch the flaws before they can be exploited by malicious actors. 

AEG is a game-changer for penetration testing, bug bounty programs, and even software development, where it can be integrated into the development lifecycle to catch vulnerabilities early. 

How Does AEG Work? 

AEG has come a long way in recent years, thanks to advancements in program analysis, machine learning, and hybrid techniques. Here are some of the most exciting methods being used today: 

  1. Symbolic Execution: A a powerful technique that explores all possible paths a program can take by treating inputs as symbolic variables. Tools such as Angr and KLEE use this method to find vulnerabilities and generate inputs that trigger them.  

  1. Fuzzing: Involves feeding random or semi-random inputs to a program to trigger unexpected behavior. Modern fuzzers such as American Fuzzy Lop (AFL) and LibFuzzer are often combined with AEG techniques to improve coverage.  

  1. Machine Learning (ML): Revolutionizing AEG by predicting vulnerable code patterns and optimizing exploit generation. For example, reinforcement learning can guide fuzzing or symbolic execution to focus on the most promising paths.  

  1. Binary Analysis: When source code isn’t available, AEG tools analyze binary code directly. Techniques such as disassembly, decompilation, and dynamic analysis are used to identify vulnerabilities. Tools such as S2E and QBDI are leading the way in binary-level exploit generation. 

  1. Hybrid Approaches: Combining multiple techniques such as fuzzing, symbolic execution, and machine learning has proven to be highly effective. Tools such as Driller and Mayhem use hybrid methods to achieve better coverage and generate more reliable exploits. 

Recent Notable AEG Tools 

Notable AEG Tools: 

  • FUGIO: Developed in 2022, FUGIO is the first AEG tool specifically designed for PHP Object Injection (POI) vulnerabilities. It combines static and dynamic analyses to identify gadget chains and generate exploit objects for POI vulnerabilities. 

  • Zeratool: This tool leverages the Angr binary analysis framework to perform concolic analysis of binaries, identifying exploitable paths and generating payloads for remote code execution. It is particularly useful in Capture the Flag (CTF) competitions for automatic exploit generation. 

  • AAHEG (Automatic Advanced Heap Exploit Generation): Introduced in 2022, AAHEG focuses on heap-related vulnerabilities. It employs symbolic execution to detect vulnerabilities and constructs exploits capable of bypassing modern protection mechanisms in Linux environments.

Challenges in Automatic Exploit Generation (AEG) 

Automatic Exploit Generation (AEG) has made significant strides in improving cybersecurity, but there are still several challenges to overcome: 

  • False Positives: AEG tools sometimes flag non-exploitable vulnerabilities as risks, leading to wasted resources. 

  • False Negatives: Exploitable flaws may be missed, leaving critical vulnerabilities unaddressed. 

  • Software Complexity: As modern software evolves, generating accurate exploits becomes more difficult due to diverse architectures and systems. 

  • Evolving Defenses: Security measures such as ASLR and CFI make it harder to generate exploits that can bypass them. 

AEG is more than just a tool for hackers, it is a powerful technology that can help secure the digital world. By automating the process of finding and fixing vulnerabilities, AEG enables developers and security researchers to stay one step ahead of cybercriminals. While there are challenges to overcome, the potential benefits are immense. 

References: 

  1. X. Kang and S. Debray, "A framework for automatic exploit generation for JIT compilers," in Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks (Checkmate '21), New York, NY, USA: ACM, 2021, pp.  

  1. A. V. Vishnyakov and A. R. Nurmukhametov, "Survey of methods for automated code-reuse exploit generation," Programming and Computer Software, vol. 47, pp. 271–297, 2021.  

  1. P. Liguori et al., "EVIL: Exploiting software via natural language," in 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)*, Wuhan, China, 2021, pp. 321-332. 

  1. B. Zhang, J. Chen, R. Li, C. Feng, R. Li, and C. Tang, "Automated exploitable heap layout generation for heap overflows through manipulation distance-guided fuzzing," in Proceedings of the 32nd USENIX Conference on Security Symposium (SEC '23), USA: USENIX Association, 2023, pp. 4499–4515. 

  1. F. Rustamov, J. Kim, J. Yu, and J. Yun, "Exploratory review of hybrid fuzzing for automated vulnerability detection," IEEE Access, vol. 9, pp. 131166-131190, 2021. 

  1. AFL, " american fuzzy lop (2.52b)," [Online]

  1. Mayhem, “Code Security” [Online].

Edited By: Windhya Rankothge, PhD, Canadian Institute for Cybersecurity 

Related Blogs: The Role of Artificial Intelligence in Modern Cyber Defence: Friend or Foe? 

#Automatic Exploit Generation, #Fuzzing, #Symbolic execution, #Binary Code Analysis