I am currently pursuing independent research, investigating LLM-based automation of vulnerability research and exploit generation. Immediately prior to this I co-founded, and was CTO of, Optimyze. We built Prodfiler, an in-production, datacenter-wide profiler, and were acquired by Elastic. Prodfiler is now the Elastic Universal Profiler.
Some things I have worked on are:
- In 2008 I did some of the earliest work on Automatic Exploit Generation (AEG) for my MSc thesis.
- From 2009 to 2012 I worked at Immunity Inc as a vulnerability researcher and exploit developer. I also did R&D on automating these tasks. Some things of note …
  - I wrote several exploits and tools for inclusion in CANVAS, a CNE framework.
  - I was the research lead on ILLITHID, a DARPA funded programme where we built a model checking tool for binary software, intended to be used by a human expert to assist in vulnerability detection. ILLITHID combined a novel model checking approach for binary software with a UI that allowed the user to add annotations and constraints in order to guide the analysis. A demo video can be found here.
  - I worked on integrating SMT-solver driven analysis into Immunity Debugger.
- In 2012 I started Persistence Labs, where we developed software for fine-grained runtime data-flow tracking for the purposes of semi-automating reverse engineering, exploitation and vulnerability discovery. The product was called SemTrax and you can see it in action here.
- In 2016 I started a PhD at the University of Oxford on the topic of automatic exploit generation (papers and thesis here). I wrote a blog post summarising the problems I worked on here.
- In 2019 I co-founded Optimyze, and had the pleasure of working alongside some amazing people to build prodfiler.com. We were acquired by Elastic in late 2021, and Prodfiler became the Elastic Universal Profiler (EUP). Prodfiler/EUP is a low overhead (< 1% CPU) profiler that can profile the entire system (kernel, userspace, compiled or interpreted code), with no redeployments, recompiles, or the need for debug symbols to be shipped to your production environment.
- From 2021 to 2023 I was the team lead and then tech lead for profiling at Elastic, largely focused on integrating Prodfiler into the Elastic product suite. Around the release of GPT-4 I also started the team that would build the Elastic AI Agent for Observability, and served as its tech lead.
- Since 2023 I’ve been pursuing independent R&D.
You can find out more via [code][publications][CV], or just drop me an email via sean at heelan dot io.
My Twitter profile is here, and my LinkedIn profile is here.