@snagycs.bsky.social
Faculty @utah.edu. My lab hunts bugs: https://futures.cs.utah.edu/bugs. Mastodon: snagy@infosec.exchange Twitter: @snagycs
It's grey-box by default but also supports black-box fuzzing!
09.07.2025 18:26 β π 0 π 0 π¬ 0 π 0
Fantastic job by my student @zaoyang.bsky.social presenting his decompiler fuzzing work Bin2Wrong at USENIX ATC! π₯
Paper: futures.cs.utah.edu/papers/25ATC...
Slides: futures.cs.utah.edu/papers/25ATC...
Code: github.com/FuturesLab/B...
Impacts of Bin2Wrong-found bugs: binary.ninja/2024/06/19/r...
I'll be in Boston for #USENIX #ATC25. Reach out if you'd like to meet up to talk fuzzing / binary analysis!
04.07.2025 21:36 β π 1 π 0 π¬ 0 π 0
Check it out!
π Paper:Β futures.cs.utah.edu/papers/25ATC.pdf
π οΈ Bin2Wrong:Β github.com/FuturesLab/Bin2Wrong
π₯Some impacts of bugs Bin2Wrong found: binary.ninja/2024/06/19/restructuring-the-decompiler.html
#fuzzing #decompilation
Happy to share my upcoming #ATC25 paper w/ @snagycs.bsky.social: "BIN2WRONG: a Unified Fuzzing Framework for Uncovering Semantic Errors in Binary-to-C Decompilers"!
Bin2Wrong creates binaries by mutating source, compiler, optimizations, and formatβrevealing 48 new bugs in 7 decompilers! πͺ
Paper: futures.cs.utah.edu/papers/25ICSE-b.pdf
Slides: futures.cs.utah.edu/papers/25ICSE-b_slides.pdf
Code: github.com/FuturesLab/OGHarn
Happy fuzzing!
Awesome job by my PhD student @gabriel-sherman.bsky.social presenting his work on Oracle-guided C Fuzzing Harness Generation! @icseconf.bsky.social
TLDR; 41 new bugs (40 now patched)... with 0 false positives!
βοΈ I'll be at @icseconf.bsky.social this week β find me if you'd like to chat about all things fuzzing / binary analysis!
28.04.2025 11:26 β π 3 π 1 π¬ 0 π 0
The April 16 Memorial is pictured in front of Burruss Hall against a blue sky.
Today, weβre honoring the lives of the 32 Hokies who were tragically taken from their loved ones and the Virginia Tech community on April 16, 2007.
On the 2025 Day of Remembrance, we're honoring the lasting impact they continue to have on our world. #VTWeRemember π§‘
[RSS] What could cause a memory corruption bug to disappear in safe mode?
devblogs.microsoft.com ->
Original->
OGHarn mutationally generates harnesses and uses 3 oracles of behavior to determine both their utility and validity, leading to the discovery of 41 new bugs(with zero false-positive crashes)!
Paper: futures.cs.utah.edu/papers/25ICS...
Source: github.com/FuturesLab/O...
Happy Fuzzing! π
Need a fuzzing harness? No time to write one? Tired of false-positives? Let OGHarn lead the way to bug discovery!π
I'm excited to share my paper(with @snagycs.bsky.social)"No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses" at @icseconf.bsky.social 2025!
RTX truly is amazing stuff
www.youtube.com/watch?v=U7bs...
I will really miss the good ol' days of Twitter. As a grad student it was a go-to place for all things fuzzing/security, and I'm sad to see it fall apart. Having folks spread-out on three platforms (this, Mastodon, and X) will never quite feel the same. π
21.02.2025 16:13 β π 2 π 0 π¬ 1 π 0Howdy, world. This interface looks oddly familiar...
19.02.2025 16:23 β π 4 π 0 π¬ 1 π 0
