Method and process for automatic discovery of zero-day vulnerabilities and expoits without source code access

摘要

An invention that enables an automatic discovery of Vulnerabilities in software that consists of compiled and linked machine code. Once the vulnerability, i.e., a set of values in a file or memory or network packet that causes unintended execution of commands, is discovered, the invention also automatically creates a set of commands to execute to enable a user to execute unauthorized commands. Through the employment of random input file generation that follows a set of constraints, and symbolic execution that creates solutions in the form of data input sets, which results in the CPU's program counter to execute malicious code, the invention creates novel software vulnerabilities and exploits.