Proof-of-Concept (PoC) Research Papers

Recent papers related to Proof-of-Concept (PoC) including exploit generation, empirical analysis, and applications. Feel free to make contributions to this repository (e.g., adding new papers) by creating pull requests.

Contents

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016 and Before

PoC Analysis and Empirical Studies

PoC Generation

PoC Applications

Preprints

---

All Papers

2025

NDSS

• NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities pdf

PLDI

• Automated Exploit Generation for Node.js Packages pdf

ASE

• Learning from the Past: Real-World Exploit Migration for Smart Contract PoC Generation
• DeepExploitor: LLM-Enhanced Automated Exploitation of DeepLink Attack in Hybrid Apps

USENIX Security

• Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations pdf
• Towards Automatic Detection and Exploitation of Java Web Application Vulnerabilities via Concolic Execution guided by Cross-thread Object Manipulation pdf
• ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains pdf

2024

S&P

• Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction pdf

NDSS

• SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem pdf

USENIX Security

• Practical Data-Only Attack Generation pdf

ICSE

• Exploiting Library Vulnerability via Migration Based Automating Test Generation pdf

2023

S&P

• ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing pdf

ISSTA

• 1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential Fuzzing pdf

NDSS

• BAGUA: Towards Automatic and Precise Heap Layout Manipulation for General-Purpose Programs pdf

2022

CCS

• Evocatio: Conjuring Bug Capabilities from a Single PoC pdf

USENIX Security

• Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits pdf
• SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux Kernel pdf

2021

CCS

• Facilitating Vulnerability Assessment through PoC Migration doi

USENIX Security

• MAZE: Towards Automated Heap Feng Shui pdf

TDSC

• OCTOPOCS: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept pdf

ICSE

• RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis pdf

ICPC

• Toward Automated Exploit Generation for Known Vulnerabilities in Open-Source Libraries pdf

2020

USENIX Security

• KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities pdf

2019

USENIX Security

• KEPLER: Facilitating Control-Flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities pdf

CCS

• Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters pdf
• SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel pdf

2018

CCS

• Revery: From Proof-of-Concept to Exploitable pdf

USENIX Security

• Understanding the Reproducibility of Crowd-Reported Security Vulnerabilities pdf
• NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications pdf
• FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities pdf

2017

CCS

• SemFuzz: Semantics-Based Automatic Generation of Proof-of-Concept Exploits pdf

2016 and Before

SIGKDD ‘10

• Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits pdf

NDSS ‘11

• AEG: Automatic Exploit Generation pdf

S&P ‘08

• Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications pdf

---

Papers by Topic

PoC Analysis and Empirical Studies

Empirical studies, surveys, and measurements analyzing PoC exploits, bug reports, and vulnerability characteristics.

Exploit Reproducibility

• Understanding the Reproducibility of Crowd-Reported Security Vulnerabilities pdf

---

PoC Generation

Automated techniques for generating proof-of-concept exploits using fuzzing, symbolic execution, and program analysis.

Fuzzing-Based Generation

• SemFuzz: Semantics-Based Automatic Generation of Proof-of-Concept Exploits pdf
• ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing (S&P ‘23) pdf
• 1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential Fuzzing (ISSTA ‘23) pdf
• Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search (S&P ‘24) pdf

Symbolic Execution and Constraint Solving

• Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications (SP ‘08) pdf
• FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities (USENIX Security ‘18) pdf
• NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications (USENIX Security ‘18) pdf

• MAZE: Towards Automated Heap Feng Shui (USENIX Security ‘21) pdf KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities (USENIX Security ‘20) pdf

• Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters (CCS ‘19) pdf

• SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel (CCS ‘19) pdf

• Toward Automated Exploit Generation for Known Vulnerabilities in Open-Source Libraries (ICPC ‘21) pdf

Program Analysis and Automation

• NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities (NDSS ‘25) pdf
• Automated Exploit Generation for Node.js Packages (PLDI ‘25) pdf

• Practical Data-Only Attack Generation (USENIX Security ‘24) pdf

PoC Applications

Applications of PoC exploits in vulnerability assessment, exploit prediction, migration, and bug reproduction.

Vulnerability Assessment and Exploitability Prediction

• Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits (SIGKDD ‘10) pdf

• Revery: From Proof-of-Concept to Exploitable (CCS ‘18) pdf
• Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits (USENIX Security ‘22) pdf
• SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem (S&P/NDSS ‘24) pdf
• SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux Kernel (USENIX Security ‘22) pdf
• KEPLER: Facilitating Control-Flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities (USENIX Security ‘19) pdf

PoC Migration and Transformation

• Exploiting Library Vulnerability via Migration Based Automating Test Generation (ICSE ‘24) pdf
• Facilitating Vulnerability Assessment through PoC Migration (CCS ‘21) doi
• OCTOPOCS: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept (TDSC ‘21) pdf
• Evocatio: Conjuring Bug Capabilities from a Single PoC (CCS ‘22) pdf

Bug Reproduction

• RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis (ISSTA ‘21) pdf

---

Preprints

• PoCo: Agentic Proof-of-Concept Exploit Generation for Smart Contracts pdf
• A Systematic Study on Generating Web Vulnerability Proof-of-Concepts Using Large Language Models pdf
• Real-World Usability of Vulnerability Proof-of-Concepts: A Comprehensive Study pdf
• PoCGen: Generating Proof-of-Concept Exploits for Vulnerabilities in NPM Packages pdf
• Diffploit: Facilitating Cross-Version Exploit Migration for Open Source Library Vulnerabilities pdf

---

Contributing

Contributions are welcome:

• Adding new papers
• Suggesting improvements

License

This documentation is licensed under CC BY 4.0. Individual papers retain their original copyrights.