Adrian Herrera
adrianherrera.bsky.social
Security researcher with an interest in formal methods.

Building fuzzers @ Interrupt Labs | Teaching @ Australian National University

https://adrian-herrera.com
Saturday morning read: “QUIC-Fuzz: An Effective Greybox Fuzzer For The QUIC Protocol”

arxiv.org/abs/2503.19402
March 29, 2025 at 12:09 AM
2/ "Sound and Efficient Generation of Data-Oriented Exploits via Programming Language Synthesis"

Proposes a "programming language synthesis" approach for data-oriented attacks.

ilyasergey.net/assets/pdf/p...
January 30, 2025 at 10:39 AM
Some cool code reuse attack papers appearing at Usenix Security this year

1/ "Synthesis of Code-Reuse Attacks from p-code Programs"

Proposes a formal model of Ghidra's p-code which is used to synthesize code reuse attacks.

ora.ox.ac.uk/objects/uuid...
January 30, 2025 at 10:39 AM
“Predictive Context-sensitive Fuzzing”

Some fuzzers augment edge coverage with calling context info to find new program states. However, this often leads to state explosion. A static analysis predicts which program portions will benefit from tracking calling contexts, reducing state explosion.
December 30, 2024 at 9:17 PM
“To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux’ Wireless Stacks through VirtIO Devices”

Uses VirtIO to fuzz the Linux wireless subsystem. Built on LibAFL, includes a proxy system to collect real-world seeds, improving fuzzer performance.
December 30, 2024 at 9:17 PM
“From One Thousand Pages of Specification to Unveiling Hidden Bugs: Large Language Model Assisted Fuzzing of Matter IoT Devices”

With a focus on the Matter network protocol, walks through the process of using an LLM to transform a human-readable spec into something a fuzzer can leverage.
December 30, 2024 at 9:17 PM
“CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel”

Bugs relating to improper refcount use can be hard to fuzz. CountDown targets complex refcount behaviors to expose these bugs, instrumenting refcount ops and combining this with traditional coverage metrics.
December 30, 2024 at 9:17 PM
“SoK: Prudent Evaluation Practices for Fuzzing”

The spiritual successor to “Evaluating Fuzz Testing”. Includes many great tips for fuzzer evaluation; e.g., not relying solely on CVEs to determine “real world impact”, and ensuring appropriate statistical tests are performed.
December 30, 2024 at 9:17 PM
lol does adding this to your prompt actually improve the result?
November 21, 2024 at 10:26 PM
And the PhD journey is done! 🎉
November 19, 2024 at 9:17 PM