New CVE Published (CVE-2020-9549)
Mon 02 March 2020
CVE-2020-9549 has been assigned for a vulnerability I found in Pdfresurrect. The details are available here. This issue is currently being patched.
Carter Yagemann
Ph.D. Student
Georgia Institute of Technology
I am a Ph.D. student in the Institute for Information Security and Privacy at the Georgia Institute of Technology, where I am advised by Prof. Wenke Lee and Prof. Brendan Saltaformaggio. My research interests include computer systems security with focuses on binary analysis, vulnerability discovery and prevention, machine learning, and mobile operating systems security.
About Awards Grants Media Patents Projects Publications Service Talks Teaching
Articles
New PoC Published to Exploit-DB (EDB-ID-47254)
Thu 15 August 2019I published a PoC for a new vulnerability in abc2mtex version 1.6.1. This was discovered while testing an analysis framework I'm developing with my peers at Georgia Tech. The vulnerability is due to an unsafe strcpy that allows an attacker to overwrite a return address and achieve arbitrary …
A Beginner's Guide to Hacking Video Game Save States (Fire Emblem 7 on the GBA)
Sat 22 June 2019As a fun change of pace, I decided to write up a beginner's guide to hacking save states for video games. In this tutorial, we're going to take a look at Fire Emblem 7 for the Game Boy Advance (GBA). Specifically, we're going to hack the health bar of the …
MLSploit Extended Abstract to Appear in KDD 2019
Tue 11 June 2019My coauthors and I will be presenting an extended abstract in the 25th Conference on Knowledge Discovery and Data Mining (KDD'19) in August. Below is a preview: Title: MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research Authors: Nilaksh Das, Siwei Li, Chanil Jeon, Jinho Jung, Shang-Tse Chen …
Barnum Paper to Appear in Information Security Conference 2019 (ISC'19)
Sat 08 June 2019My coauthors and I will be presenting a paper in the 22nd Information Security Conference (ISC'19) in September. Below is a preview: Project Page Title: Barnum: Detecting Document Malware via Control Flow Anomalies in Hardware Traces. Authors: Carter Yagemann (Georgia Tech), Salmin Sultana (Intel Labs), Li Chen (Intel Labs), Wenke …
Extended Abstract to Appear in CVPR-19 Workshop on Explainable AI
Fri 26 April 2019My coauthors and I will be presenting an extended abstract in the workshop on Explainable AI at CVPR 2019 in June. Below is a preview: Title: To believe or not to believe: Validating explanation fidelity for dynamic malware analysis. Authors: Li Chen (Intel Labs), Carter Yagemann (Georgia Tech), Evan Downing …
H&R Block App Analytics for 2019
Fri 12 April 2019Last year I wrote a blog post about using the analytics publicly released by the USA government to gleam some information about H&R Block's mobile apps. If you haven't read it, I recommend doing so because in this post I'm going to give an update for the 2019 tax …
Android Intent Firewall Documentation
Sat 06 April 2019Awhile ago I was notified that the documentation on Android's Intent Firewall that I wrote while I was a student at Syracuse University is no longer available. Surprisingly, despite how old the document is, I still get requests for it. Thus, I've taken the time to make a copy of …
Malware Has a Color
Thu 21 February 2019In an upcoming paper I plan to present some preliminary work in applying machine learning to program control flows to detect anomalies. Specifically, my coauthors and I demonstrate how to use this to analyze document malware with promising accuracy. In previous posts, I've detailed the threat malicious documents pose to …
Upcoming MLsploit Demo at Black Hat Asia 2019
Thu 17 January 2019A framework I helped develop called MLsploit will be demoed at Black Hat Asia 2019. You can read more about it here.