About Awards Grants Media Patents Projects Publications Service Talks Teaching

Articles

Vulnerability Root Cause Analysis Approach "ARCUS" to Appear in USENIX'21

Sat 12 December 2020

Security

My coauthors and I will be presenting a paper "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems" at USENIX Security 2021 in August, 2021. Below is a preview of the abstract: End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to symptoms of a …

"Justitia" Biometric Privacy to Appear in ASIACCS'21

Mon 26 October 2020

Security

My coauthors and I will be presenting the paper "Cryptographic Key Derivation from Biometric Inferences for Remote Authentication" at Asia CCS 2021 in June of next year. Below is a preview of the abstract: Biometric authentication is getting increasingly popular because of its appealing usability and improvements in biometric sensors …

"Bot2Stock" to Appear in ACSAC'20

Sun 04 October 2020

Security

My coauthors and I will be presenting a paper "On the Feasibility of Automating Stock Market Manipulation" at ACSAC 2020 in December. Below is a preview of the abstract: This work presents the first findings on the feasibility of using botnets to automate stock market manipulation. Our analysis incorporates data …

New CVE Published (CVE-2020-14931)

Mon 29 June 2020

Security

CVE-2020-14931 has been assigned for a vulnerability I found in DMitry. The details are available here. This issue is currently being patched.

H&R Block App Analytics for 2020

Thu 18 June 2020

Misc

Two years ago I started a series about using the analytics publicly released by the USA government to gleam some information about H&R Block's mobile apps. I'm a few months late this year, but it's time to update the numbers for the 2020 tax year. The 2019 numbers are …

Fuzzers Suck: New 0-Day Shows We Need To Do Better

Thu 18 June 2020

Security

Fuzz testing (more commonly known as "fuzzing") has become a predominate technique for bug hunting because it's easy to deploy and yields results. Academic security research is now flooded with papers on the topic — USENIX Security alone accepted 7 papers in the 2020 Fall submission cycle — many of which propose …

New CVE Published (CVE-2020-9549)

Mon 02 March 2020

Security

CVE-2020-9549 has been assigned for a vulnerability I found in Pdfresurrect. The details are available here. This issue is currently being patched.

New PoC Published to Exploit-DB (EDB-ID-47254)

Thu 15 August 2019

Security

I published a PoC for a new vulnerability in abc2mtex version 1.6.1. This was discovered while testing an analysis framework I'm developing with my peers at Georgia Tech. The vulnerability is due to an unsafe strcpy that allows an attacker to overwrite a return address and achieve arbitrary …

A Beginner's Guide to Hacking Video Game Save States (Fire Emblem 7 on the GBA)

Sat 22 June 2019

Misc

As a fun change of pace, I decided to write up a beginner's guide to hacking save states for video games. In this tutorial, we're going to take a look at Fire Emblem 7 for the Game Boy Advance (GBA). Specifically, we're going to hack the health bar of the …

MLSploit Extended Abstract to Appear in KDD 2019

Tue 11 June 2019

Security

My coauthors and I will be presenting an extended abstract in the 25th Conference on Knowledge Discovery and Data Mining (KDD'19) in August. Below is a preview: Title: MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research Authors: Nilaksh Das, Siwei Li, Chanil Jeon, Jinho Jung, Shang-Tse Chen …