Research & Publications


Automatic Heap Layout Manipulation for Exploitation (USENIX Security 2018) [paper] [code] [bibtex]
Augmenting Vulnerability Analysis of Binary Code (ACSAC 2012) [paper]
SMT Solvers for Software Security (WOOT 2012) [paper]
Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities (MSc Thesis 2009) [thesis]

Conference Talks

Automatic Heap Layout Manipulation (EuskalHack Security Congress III, 2018) [slides]
Heap Layout Optimisation for Exploitation (Black Hat EU 2017) [slides]
Automated Root Cause Identification for Crashing Executions (Infiltrate 2016) [slides] [video]
Ghosts of Christmas Past: Fuzzing Language Interpreters using Regression Tests (Infiltrate 2014) [slides]
Attacking the WebKit Heap (Infiltrate 2011) [slides]
Code Analysis Carpentry (Ruxcon/Kiwicon 2010) [slides]
Applying Taint Analysis and Theorem Proving to Exploit Development (Recon 2010) [slides]


Vulnerability Detection Systems: Think Cyborg, Not Robot (IEEE Security & Privacy Magazine, Nov 2011) [article]