A fast binary coverage measurement tool based on AFL’s Qemu mode

Automatically infer grammar like fragments during normal feedback fuzzing to improve test coverage. Published at USENIX Security 2019.

A binary fuzzer that automatically solves magic Bytes and checksums during fuzzing. Published at NDSS 2019.

Uses program synthesis to deobfuscate VM instruction handlers used by obfuscators such as VMProtect and Themida. Published at USENIX Security 2017.

An AFL style feedback fuzzer, that uses Intel-PT to trace operating systems without access to sourcecode. Published at USENIX Security 2017

A one day workshop on using SMT-Solvers and bounded model checker for reverse engineering and binary analysis.