Research & Publications

Papers

Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters (ACM CCS 2019) [paper]
Automatic Heap Layout Manipulation for Exploitation (USENIX Security 2018) [paper] [code] [bibtex]
Augmenting Vulnerability Analysis of Binary Code (ACSAC 2012) [paper]
SMT Solvers for Software Security (WOOT 2012) [paper]
Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities (MSc Thesis 2009) [thesis]

Conference Talks

Greybox Automatic Exploit Generation for Heap Overflows (Ruhrsec 2019) [video]
Automatic Heap Layout Manipulation for Exploitation (CyberUK 2018)
Automatic Heap Layout Manipulation (EuskalHack Security Congress III, 2018) [slides]
Heap Layout Optimisation for Exploitation (Black Hat EU 2017) [slides]
Automated Root Cause Identification for Crashing Executions (Infiltrate 2016) [slides] [video]
Ghosts of Christmas Past: Fuzzing Language Interpreters using Regression Tests (Infiltrate 2014) [slides]
Attacking the WebKit Heap (Infiltrate 2011)
Code Analysis Carpentry (Ruxcon/Kiwicon 2010)
Applying Taint Analysis and Theorem Proving to Exploit Development (Recon 2010)

Other

Vulnerability Detection Systems: Think Cyborg, Not Robot (IEEE Security & Privacy Magazine, Nov 2011) [article]