- Finding 10x+ Performance Improvements in C++ with CodeQL – Part 2/2 on Combining Dynamic and Static Analysis for Performance Optimisation
- 60%+ Performance Improvements with Continuous Profiling and Library Matching – Part 1/2 on Combining Dynamic and Static Analysis for Performance Optimisation
- Optimising an eBPF Optimiser with Prodfiler (Repost)
- PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
- Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters
- Automation in Exploit Generation with Exploit Templates
- Some Cool Projects from a Dagstuhl Seminar on SAT, SMT and CP
- Fuzzing PHP’s unserialize Function
- Upcoming Public Training: 4 Days of Advanced Tool Development with SMT Solvers (London, Nov ’17)
- Tracking Down Heap Overflows with rr
- Fuzzing Language Interpreters Using Regression Tests
- Some Early-Stage Work on Statistical Crash Triage
- Training Dates Confirmed (Plus a Contest for Students)
- Public Edition of “Advanced Tool Development with SMT Solvers” Coming Soon!
- Rust Compiler Plugins: A Simple Example
- Moving location!
- SMT Solvers for Software Security (USENIX WOOT’12)
- Better Interpreter Fuzzing with Clang
- Anatomy of a Symbolic Emulator, Part 3: Processing Symbolic Data & Generating New Inputs
- Anatomy of a Symbolic Emulator, Part 2: Introducing Symbolic Data
- Anatomy of a Symbolic Emulator, Part 1: Trace Generation
- SAT/SMT Summer School 2011 Summary (Days 5 & 6)
- SAT/SMT Summer School 2011 Summary (Days 3 & 4)
- SAT/SMT Summer School 2011 Summary (Day 2)
- SAT/SMT Summer School 2011 Summary (Day 1)
- Infiltrate 2011 Slides
- Finding Optimal Solutions to Arithmetic Constraints
- Exploit Necromancy in TCMalloc – Reviving the 4-to-N Byte Overflow Primitive with Insert to FreeList[X]
- Heap Scripts for TCMalloc with GDB’s Python API
- Misleading the Public for Fun and Profit
- Augment your Auditing with a Theorem Prover
- Code Analysis Carpentry (Ruxcon 2010)
- Determining variable ranges (Part I)
- Validity, Satisfiability and Code Semantics
- Applying Taint Analysis and Theorem Proving to Exploit Development
- Finding use-after-free bugs with static analysis
- Game Over! Thank you for playing Academia
- Exploit generation, a specialisation of testing?
- Automatic exploit generation: Lessons learned so far
- Extending to new vulnerability classes
- Gathering constraints from conditional branches
- Morphing shellcode using CFGs and SAT
- Fun uses for an SMT solver
- Pin problem solved!
- The romance is over…
- Not all shellcode locations are made equal
- Difficulties in taint data propagation without an IR
- Granular instrumentation with Pin
- Blackhat USA paper
- ISSA Ireland seminar
By Category
- Binary Instrumentation
- Constraint Solving
- Exploit generation
- Exploitation
- Fault Localisation
- Fuzzing
- Performance Optimisation
- Presentations
- Profiling
- SMT solving
- Static analysis
- Symbolic execution
- Training
- Uncategorized
- Vulnerability Analysis
- Whitebox fuzzing