Uses program synthesis to deobfuscate VM instruction handlers used by obfuscators such as VMProtect and Themida. Published at USENIX Security 2017.

An AFL style feedback fuzzer, that uses Intel-PT to trace operating systems without access to sourcecode. Published at USENIX Security 2017

A very efficient data structure to query ranges for Rust. Useful to implement analysis passes on memory/code/firmware dumps.

Sample from discrete distributions in O(1). Very useful when building randomized generators and fuzzer in Rust.

A one day workshop on using SMT-Solvers and bounded model checker for reverse engineering and binary analysis.

A human friendly pwgen based on XKCD 936

A ruby programmable debugger library based on the linux ptrace API and /proc/$pid/ interfaces.

Robust semantic hashes for arbitrary x86 functions. Identify functions in very large database, even when compiled with different options.