Research & Publications

Papers

Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters (PhD Thesis 2020) [thesis] [bibtex]
Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters (ACM CCS 2019) [paper] [slides] [bibtex]
Automatic Heap Layout Manipulation for Exploitation (USENIX Security 2018) [paper] [code] [bibtex]
Augmenting Vulnerability Analysis of Binary Code (ACSAC 2012) [paper] [bibtex]
SMT Solvers for Software Security (WOOT 2012) [paper] [bibtex]
Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities (MSc Thesis 2009) [thesis] [bibtex]

Conference Talks

Greybox Automatic Exploit Generation for Heap Overflows (Ruhrsec 2019) [video]
Automatic Heap Layout Manipulation for Exploitation (CyberUK 2018)
Automatic Heap Layout Manipulation (EuskalHack Security Congress III, 2018) [slides]
Heap Layout Optimisation for Exploitation (Black Hat EU 2017) [slides]
Automated Root Cause Identification for Crashing Executions (Infiltrate 2016) [slides] [video]
Ghosts of Christmas Past: Fuzzing Language Interpreters using Regression Tests (Infiltrate 2014) [slides]
Attacking the WebKit Heap (Infiltrate 2011)
Code Analysis Carpentry (Ruxcon/Kiwicon 2010)
Applying Taint Analysis and Theorem Proving to Exploit Development (Recon 2010)

Other

Vulnerability Detection Systems: Think Cyborg, Not Robot (IEEE Security & Privacy Magazine, Nov 2011) [article]