Articles

Jun 18, 2020
Security

Fuzzers Suck: New 0-Day Shows We Need To Do Better

Fuzz testing (more commonly known as "fuzzing") has become a predominate technique for bug hunting because it's easy to deploy and yields results. Academic security research is now flooded with papers on the topic — USENIX Security alone accepted 7 papers in the 2020 Fall submission cycle — many of which propose …

Mar 02, 2020
Security

New CVE Published (CVE-2020-9549)

CVE-2020-9549 has been assigned for a vulnerability I found in Pdfresurrect. The details are available here. This issue is currently being patched.

Aug 15, 2019
Security

New PoC Published to Exploit-DB (EDB-ID-47254)

I published a PoC for a new vulnerability in abc2mtex version 1.6.1. This was discovered while testing an analysis framework I'm developing with my peers at Georgia Tech. The vulnerability is due to an unsafe strcpy that allows an attacker to overwrite a return address and achieve arbitrary …

Jun 22, 2019
Misc

A Beginner's Guide to Hacking Video Game Save States (Fire Emblem 7 on the GBA)

As a fun change of pace, I decided to write up a beginner's guide to hacking save states for video games. In this tutorial, we're going to take a look at Fire Emblem 7 for the Game Boy Advance (GBA). Specifically, we're going to hack the health bar of the …

Jun 11, 2019
Security

MLSploit Extended Abstract to Appear in KDD 2019

My coauthors and I will be presenting an extended abstract in the 25th Conference on Knowledge Discovery and Data Mining (KDD'19) in August. Below is a preview: Title: MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research Authors: Nilaksh Das, Siwei Li, Chanil Jeon, Jinho Jung, Shang-Tse Chen …

Jun 08, 2019
Security

Barnum Paper to Appear in Information Security Conference 2019 (ISC'19)

My coauthors and I will be presenting a paper in the 22nd Information Security Conference (ISC'19) in September. Below is a preview: Project Page Title: Barnum: Detecting Document Malware via Control Flow Anomalies in Hardware Traces. Authors: Carter Yagemann (Georgia Tech), Salmin Sultana (Intel Labs), Li Chen (Intel Labs), Wenke …

Apr 26, 2019
Security

Extended Abstract to Appear in CVPR-19 Workshop on Explainable AI

My coauthors and I will be presenting an extended abstract in the workshop on Explainable AI at CVPR 2019 in June. Below is a preview: Title: To believe or not to believe: Validating explanation fidelity for dynamic malware analysis. Authors: Li Chen (Intel Labs), Carter Yagemann (Georgia Tech), Evan Downing …

Apr 12, 2019
Misc

H&R Block App Analytics for 2019

Last year I wrote a blog post about using the analytics publicly released by the USA government to gleam some information about H&R Block's mobile apps. If you haven't read it, I recommend doing so because in this post I'm going to give an update for the 2019 tax …

Apr 06, 2019
Security

Android Intent Firewall Documentation

Awhile ago I was notified that the documentation on Android's Intent Firewall that I wrote while I was a student at Syracuse University is no longer available. Surprisingly, despite how old the document is, I still get requests for it. Thus, I've taken the time to make a copy of …

Feb 21, 2019
Security

Malware Has a Color

In an upcoming paper I plan to present some preliminary work in applying machine learning to program control flows to detect anomalies. Specifically, my coauthors and I demonstrate how to use this to analyze document malware with promising accuracy. In previous posts, I've detailed the threat malicious documents pose to …

Previous
3 of 7
Next