• Finding 10x+ Performance Improvements in C++ with CodeQL – Part 2/2 on Combining Dynamic and Static Analysis for Performance Optimisation
• 60%+ Performance Improvements with Continuous Profiling and Library Matching – Part 1/2 on Combining Dynamic and Static Analysis for Performance Optimisation
• Optimising an eBPF Optimiser with Prodfiler (Repost)
• PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
• Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters
• Automation in Exploit Generation with Exploit Templates
• Some Cool Projects from a Dagstuhl Seminar on SAT, SMT and CP
• Fuzzing PHP’s unserialize Function
• Upcoming Public Training: 4 Days of Advanced Tool Development with SMT Solvers (London, Nov ’17)
• Tracking Down Heap Overflows with rr
• Fuzzing Language Interpreters Using Regression Tests
• Some Early-Stage Work on Statistical Crash Triage
• Training Dates Confirmed (Plus a Contest for Students)
• Public Edition of “Advanced Tool Development with SMT Solvers” Coming Soon!
• Rust Compiler Plugins: A Simple Example
• Moving location!
• SMT Solvers for Software Security (USENIX WOOT’12)
• Better Interpreter Fuzzing with Clang
• Anatomy of a Symbolic Emulator, Part 3: Processing Symbolic Data & Generating New Inputs
• Anatomy of a Symbolic Emulator, Part 2: Introducing Symbolic Data
• Anatomy of a Symbolic Emulator, Part 1: Trace Generation
• SAT/SMT Summer School 2011 Summary (Days 5 & 6)
• SAT/SMT Summer School 2011 Summary (Days 3 & 4)
• SAT/SMT Summer School 2011 Summary (Day 2)
• SAT/SMT Summer School 2011 Summary (Day 1)
• Infiltrate 2011 Slides
• Finding Optimal Solutions to Arithmetic Constraints
• Exploit Necromancy in TCMalloc – Reviving the 4-to-N Byte Overflow Primitive with Insert to FreeList[X]
• Heap Scripts for TCMalloc with GDB’s Python API
• Misleading the Public for Fun and Profit
• Augment your Auditing with a Theorem Prover
• Code Analysis Carpentry (Ruxcon 2010)
• Determining variable ranges (Part I)
• Validity, Satisfiability and Code Semantics
• Applying Taint Analysis and Theorem Proving to Exploit Development
• Finding use-after-free bugs with static analysis
• Game Over! Thank you for playing Academia
• Exploit generation, a specialisation of testing?
• Automatic exploit generation: Lessons learned so far
• Extending to new vulnerability classes
• Gathering constraints from conditional branches
• Morphing shellcode using CFGs and SAT
• Fun uses for an SMT solver
• Pin problem solved!
• The romance is over…
• Not all shellcode locations are made equal
• Difficulties in taint data propagation without an IR
• Granular instrumentation with Pin
• Blackhat USA paper
• ISSA Ireland seminar

By Category

• Binary Instrumentation
• Constraint Solving
• Exploit generation
• Exploitation
• Fault Localisation
• Fuzzing
• Performance Optimisation
• Presentations
• Profiling
• SMT solving
• Static analysis
• Symbolic execution
• Training
• Uncategorized
• Vulnerability Analysis
• Whitebox fuzzing

By Year

• 2023 (3)
• 2020 (1)
• 2019 (3)
• 2017 (2)
• 2016 (5)
• 2015 (1)
• 2012 (6)
• 2011 (8)
• 2010 (6)
• 2009 (15)