Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations

This is the artifact of the paper accepted at USENIX Security 2025 Cycle 2 -  Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations.

LinkZard Directory Structure

• src: All source code of LinkZard, for each component's design, please see `README.md` in `./src`

• Experiment: Contains the log files of our use of LinkZard test datasets

  • see README.md in ./Experiment.

• Ablation Experiment: Contains the log data of the Jerry-Ext test in the dataset based on Jerry‘s design. Please see `README.md` in `./Ablation Experiment`

  It is worth noting that Jerry did not provide source code, so we can only roughly implement the functions based on its limited description

• quick-reproduction-guide.pdf: Contains how to quickly reproduce experiments in a given virtual machine image, and test and reproduce the installed dataset program according to the commands in it.

Integrated Environment

We provide a fully integrated environment for studying and using our framework. You can download the complete virtual machine image from link`https://zenodo.org/records/15617420`, and import it into VMware for direct use.

License

We release our artifact under the `MIT License`, allowing researchers and developers to freely use, modify, and distribute our code.

Access this Artifact

Our work complies with the requirements of open science of the USENIX Security conference. However, as our work is a vulnerability detection and exploitation framework, we have restricted the access permission of this artifact. If you need to access and download it, please contact the authors.