Systems security professor with interests in automated vulnerability discovery, root cause analysis, and exploit prevention.
About Awards Grants Media Patents Projects Publications Service Talks Teaching
CVE-2020-14931 has been assigned for a vulnerability I found in DMitry. The details are available here. This issue is currently being patched.
Two years ago I started a series about using the analytics publicly released by the USA government to gleam some information about H&R Block's mobile apps. I'm a few months late this year, but it's time to update the numbers for the 2020 tax year. The 2019 numbers are …
Fuzz testing (more commonly known as "fuzzing") has become a predominate technique for bug hunting because it's easy to deploy and yields results. Academic security research is now flooded with papers on the topic — USENIX Security alone accepted 7 papers in the 2020 Fall submission cycle — many of which propose …
CVE-2020-9549 has been assigned for a vulnerability I found in Pdfresurrect. The details are available here. This issue is currently being patched.
I published a PoC for a new vulnerability in abc2mtex version 1.6.1. This was discovered while testing an analysis framework I'm developing with my peers at Georgia Tech. The vulnerability is due to an unsafe strcpy that allows an attacker to overwrite a return address and achieve arbitrary …
As a fun change of pace, I decided to write up a beginner's guide to hacking save states for video games. In this tutorial, we're going to take a look at Fire Emblem 7 for the Game Boy Advance (GBA). Specifically, we're going to hack the health bar of the …
My coauthors and I will be presenting an extended abstract in the 25th Conference on Knowledge Discovery and Data Mining (KDD'19) in August. Below is a preview: Title: MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research Authors: Nilaksh Das, Siwei Li, Chanil Jeon, Jinho Jung, Shang-Tse Chen …
My coauthors and I will be presenting a paper in the 22nd Information Security Conference (ISC'19) in September. Below is a preview: Project Page Title: Barnum: Detecting Document Malware via Control Flow Anomalies in Hardware Traces. Authors: Carter Yagemann (Georgia Tech), Salmin Sultana (Intel Labs), Li Chen (Intel Labs), Wenke …
My coauthors and I will be presenting an extended abstract in the workshop on Explainable AI at CVPR 2019 in June. Below is a preview: Title: To believe or not to believe: Validating explanation fidelity for dynamic malware analysis. Authors: Li Chen (Intel Labs), Carter Yagemann (Georgia Tech), Evan Downing …
Last year I wrote a blog post about using the analytics publicly released by the USA government to gleam some information about H&R Block's mobile apps. If you haven't read it, I recommend doing so because in this post I'm going to give an update for the 2019 tax …