Stefan Nagy's Avatar

Stefan Nagy

@snagycs.bsky.social

Faculty @utah.edu. My lab hunts bugs: https://futures.cs.utah.edu/bugs. Mastodon: snagy@infosec.exchange Twitter: @snagycs

125 Followers  |  109 Following  |  13 Posts  |  Joined: 19.02.2025  |  1.8332

Latest posts by snagycs.bsky.social on Bluesky

Post image

Super proud of the FuTURESΒ³ Lab and everything we accomplished in 2025, and excited for what’s ahead in 2026! Check out our work at futures.cs.utah.edu. πŸ˜ƒ

14.01.2026 17:34 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Go2hx Work in Progress @back2dos Thanks for the kind words! Your points are well reasoned, I think it is indeed paradoxically less ambitious. Though go2hx already use’s Go’s frontend, building a Go backend first to bootstra...

Awesome to see @yeaseen.bsky.social's work on transpiler testing recognized by the Go2Hx dev community! community.haxe.org/t/go2hx-work-in-progress/2821/24#p-14532-research-paper-review-1 😁

Interested in improving transpilers? Check out our fuzzer TeTRIS! github.com/FuturesLab/TeTRIS

07.01.2026 15:56 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Transcompiler lost in translation? Let TeTRIS uncover all its syntax frustrations! Happy to share my #ACSAC paper w/@snagycs.bsky.social:"TeTRIS: General-purpose Fuzzing for Translation Bugs in Source-to-Source Transpilers"!
PDF: futures.cs.utah.edu/papers/25ACS...
Code: github.com/FuturesLab/T...

26.11.2025 19:12 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Post image Post image

Crashing calculators and CAD editors? GUIFuzz++ is finally here to help make them better! πŸ”₯

Come see my undergraduate student @trowlett0.bsky.social's very first paper "GUIFuzz++" at @aseconf.bsky.social this Wednesday.

Also now integrated in @aflplusplus.bsky.social! πŸ˜ƒ
github.com/AFLplusplus/...

17.11.2025 21:02 β€” πŸ‘ 9    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0

Super psyched to unveil GUIFuzz++: our grey-box fuzzer for desktop GUI applications, led by FuTURESΒ³ Lab undergraduate researchers Dillon Otto and @trowlett0.bsky.social.

Coming soon to ASE 2025!

futures.cs.utah.edu/papers/25ASE...
github.com/FuturesLab/G...

24.09.2025 20:54 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

GUIFuzz++ is the first general-purpose fuzzer for desktop GUI software! Fuzzing by translating AFL++ random input into user interaction with GUIs, leading to the discovery of 23 new bugs!

Paper: futures.cs.utah.edu/papers/25ASE.pdf
Source: github.com/FuturesLab/GUIFuzzPlusPlus

Go test some GUIs!

24.09.2025 20:52 β€” πŸ‘ 18    πŸ” 11    πŸ’¬ 1    πŸ“Œ 0

Fuzzing GUIs shouldn’t be harder than fuzzing files.

That's why I am excited to share my first paper (w/ fellow undergrad Dillon Otto + @snagycs.bsky.social) "GUIFuzz++: Unleashing Grey-box Fuzzing on Desktop Graphical User Interfacing Applications" at #ASE25.

24.09.2025 20:52 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 1    πŸ“Œ 1
Harnessing 101: A Beginner's Guide to Fuzzing Harnesses | Gabriel Sherman As a newcomer to the computer security world working on my first paper, No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses, I inevitably spent countless hours...

Curious about fuzzing but don't know where to start? I wrote my first blog post on how to choose your target, build an AFL++-compatible harness, and avoid common pitfalls.

Check it out:
gabe-sherman.github.io/2025-09-17-b...

18.09.2025 20:18 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

It's grey-box by default but also supports black-box fuzzing!

09.07.2025 18:26 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

Fantastic job by my student @zaoyang.bsky.social presenting his decompiler fuzzing work Bin2Wrong at USENIX ATC! πŸ”₯

Paper: futures.cs.utah.edu/papers/25ATC...
Slides: futures.cs.utah.edu/papers/25ATC...
Code: github.com/FuturesLab/B...
Impacts of Bin2Wrong-found bugs: binary.ninja/2024/06/19/r...

09.07.2025 14:44 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

I'll be in Boston for #USENIX #ATC25. Reach out if you'd like to meet up to talk fuzzing / binary analysis!

04.07.2025 21:36 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Check it out!
πŸ“„ Paper:Β futures.cs.utah.edu/papers/25ATC.pdf
πŸ› οΈ Bin2Wrong:Β github.com/FuturesLab/Bin2Wrong
πŸ’₯Some impacts of bugs Bin2Wrong found: binary.ninja/2024/06/19/restructuring-the-decompiler.html

#fuzzing #decompilation

22.05.2025 20:04 β€” πŸ‘ 1    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

Happy to share my upcoming #ATC25 paper w/ @snagycs.bsky.social: "BIN2WRONG: a Unified Fuzzing Framework for Uncovering Semantic Errors in Binary-to-C Decompilers"!

Bin2Wrong creates binaries by mutating source, compiler, optimizations, and formatβ€”revealing 48 new bugs in 7 decompilers! πŸ’ͺ

22.05.2025 20:02 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0

Paper: futures.cs.utah.edu/papers/25ICSE-b.pdf
Slides: futures.cs.utah.edu/papers/25ICSE-b_slides.pdf
Code: github.com/FuturesLab/OGHarn

Happy fuzzing!

30.04.2025 16:15 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Awesome job by my PhD student @gabriel-sherman.bsky.social presenting his work on Oracle-guided C Fuzzing Harness Generation! @icseconf.bsky.social

TLDR; 41 new bugs (40 now patched)... with 0 false positives!

30.04.2025 16:15 β€” πŸ‘ 8    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

✈️ I'll be at @icseconf.bsky.social this week β€” find me if you'd like to chat about all things fuzzing / binary analysis!

28.04.2025 11:26 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
The April 16 Memorial is pictured in front of Burruss Hall against a blue sky.

The April 16 Memorial is pictured in front of Burruss Hall against a blue sky.

Today, we’re honoring the lives of the 32 Hokies who were tragically taken from their loved ones and the Virginia Tech community on April 16, 2007.

On the 2025 Day of Remembrance, we're honoring the lasting impact they continue to have on our world. #VTWeRemember 🧑

16.04.2025 12:23 β€” πŸ‘ 32    πŸ” 22    πŸ’¬ 0    πŸ“Œ 4

[RSS] What could cause a memory corruption bug to disappear in safe mode?


devblogs.microsoft.com ->


Original->

20.03.2025 16:39 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

OGHarn mutationally generates harnesses and uses 3 oracles of behavior to determine both their utility and validity, leading to the discovery of 41 new bugs(with zero false-positive crashes)!

Paper: futures.cs.utah.edu/papers/25ICS...
Source: github.com/FuturesLab/O...

Happy Fuzzing! πŸ›

17.03.2025 18:52 β€” πŸ‘ 9    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0

Need a fuzzing harness? No time to write one? Tired of false-positives? Let OGHarn lead the way to bug discovery!🐞

I'm excited to share my paper(with @snagycs.bsky.social)"No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses" at @icseconf.bsky.social 2025!

17.03.2025 18:52 β€” πŸ‘ 17    πŸ” 6    πŸ’¬ 1    πŸ“Œ 0
Half-Life 2 RTX - Official Full Ray Tracing and DLSS 4 Announcement Trailer
YouTube video by IGN Half-Life 2 RTX - Official Full Ray Tracing and DLSS 4 Announcement Trailer

RTX truly is amazing stuff

www.youtube.com/watch?v=U7bs...

13.03.2025 16:36 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I will really miss the good ol' days of Twitter. As a grad student it was a go-to place for all things fuzzing/security, and I'm sad to see it fall apart. Having folks spread-out on three platforms (this, Mastodon, and X) will never quite feel the same. πŸ˜”

21.02.2025 16:13 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Howdy, world. This interface looks oddly familiar...

19.02.2025 16:23 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

@snagycs is following 20 prominent accounts