This repository contains the malware analysis use cases presented in our CNS paper "Symbion: Interleaving Symbolic with Concrete Execution" (slides). Our technique allows interleaving symbolic execution with a concrete execution, focusing the symbolic exploration only on interesting portions of code.
The implementaion of Symbion is publicly available on angr's master. For a complete example on how to leverage this technique for your analyses refer to our blog post.
We provide support (ping @degrigis) on how to use Symbion through our Slack channel, you can ask for an invite here.
Happy hacking!
angr and Symbion drastically changed since the publication of this work. Therefore, the use-cases presented in this repo must be re-written. Refer to the test case here for the latest working version and to the state of the work here.
@inproceedings{gritti2020symbion,
author = {Gritti, Fabio and Fontana, Lorenzo and Gustafson, Eric and Pagani, Fabio and Continella, Andrea and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the IEEE Conference on Communications and Network Security (CNS)},
month = {June},
title = {SYMBION: Interleaving Symbolic with Concrete Execution},
year = {2020}
}