
Bridging the Gap between Real-World and Formal Binary Lifting through Filtered-Simulation (to appear)

Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea (to appear)

Automated Attack Synthesis for Constant Product Market Makers

Decentralized Finance (DeFi) enables many novel applications that were impossible in traditional finance. However, it also introduces new types of vulnerabilities. An example of such vulnerabilities is a composability bug between token contracts and …

FirmState: Bringing Cellular Protocol States to Shannon Baseband Emulation (to appear)

RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes

WebAssembly runtimes embed compilers to compile WebAssembly code into machine code for execution. These compilers use various compiler rules to define how to optimize and lower the WebAssembly code. However, existing testing tools struggle to explore …

From the Vulnerability to the Victory: A Chrome Renderer 1-Day Exploit’s Journey to v8CTF Glory

In today’s digital era, where the internet has become as essential as the air we breathe, the browsers serve as our windows to the vast expanse of the digital world. On top of web surfing, browsers extend their capabilities from being integrated into …

One shot, Triple kill: Pwning all three Google kernelCTF instances with a single 1-day Linux vulnerability

Linux, the most popular open-source kernel, runs on desktops, servers, cloud computing services, mobile devices, and IoT devices, and is used across many IT platforms. Because of the ubiquitous presence of Linux and the characteristic of the kernel which …

BaseComp: A Comparative Analysis for Integrity Protection in Cellular Baseband Software

QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries

Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients