What are Weird Machines?


The expression "weird machines" was first used in the RSS 2009 talk. It referred to state-of-the-art exploitation as finding and programming an execution model (a machine, such as a virtual automaton) within the target via crafted inputs. It was soon extended to other methods of reliably or probabilistically influencing the target's state. A compressed version of that original talk was given at the Chaos Communication Congress 27C3 [slides], [video].

The concept was further elaborated in Exploitation and State Machines by Thomas Dullien / Halvar Flake at Infiltrate 2011, Heap Exploitation Abstraction by Example by Census Labs at OWASP 2012, and others. A historical sketch can be found in From Buffer Overflows to "Weird Machines" by Bratus et al.

Effort is underway to produce formal descriptions of weird machine classes in various computing environments. The LangSec effort is aimed at describing and eliminating broad classes of input-related bugs and associated weird machines.

Newer papers:

Older papers:

Strange & radiant machines:

(exploits that borrow existing computation in unexpected ways)

PHY layer:

Higher network layers:

Intra-OS machines:

Other papers on x86:

Other Lists: