Profile

Cover photo
Brendan Dolan-Gavitt
Worked at Georgia Institute of Technology
Attended Wesleyan University
Lived in Florence, Italy
211 followers|344,842 views
AboutPostsPhotosYouTube

Stream

Brendan Dolan-Gavitt

Shared publicly  - 
 
Fuzzing with AFL is an Art
Using one of the test cases from the previous post , I examine what affects AFL's ability to find a bug placed by LAVA in a program. Along the way, I found what's probably a harmless bug in AFL, and some interesting factors that affect its performance. Alth...
Using one of the test cases from the previous post, I examine what affects AFL's ability to find a bug placed by LAVA in a program. Along the way, I found what's probably a harmless bug in AFL, and some interesting factors th...
1
Yue Chen's profile photoBrendan Dolan-Gavitt's profile photo
2 comments
 
The "harmless" bug is a bug in AFL that makes it fail to instrument some blocks of code that it should. It doesn't refer to any of the bugs in the toy program.
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
How to add a million bugs to a program (and why you might want to)
In this series of posts, I'm going to describe how to automatically put bugs in programs, a topic on which we just published a paper at Oakland, one of the top academic security conferences. The system we developed, LAVA , can put millions of bugs into real...
In this series of posts, I'm going to describe how to automatically put bugs in programs, a topic on which we just published a paper at Oakland, one of the top academic security conferences. The system we developed, LAVA, can...
2
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
PANDA VM Update October 2015
The PANDA Virtual machine has once again been updated, and you can download it from: http://laredo-13.mit.edu/~brendan/pandavm-20151002.ova Notable changes: We fixed a record/replay bug that was preventing Debian Wheezy and above from replaying properly. Th...
The PANDA Virtual machine has once again been updated, and you can download it from: http://laredo-13.mit.edu/~brendan/pandavm-20151002.ova Notable changes: We fixed a record/replay bug that was preventing Debian Wheezy and...
1
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
One Weird Trick to Shrink Your PANDA Malware Logs by 84%
When I wrote about some of the lessons learned from P ANDA Malrec 's first 100 days of operation , one of the things I mentioned was that the storage requirements for the system were extremely high. In the four months since, the storage problem only got wor...
When I wrote about some of the lessons learned from PANDA Malrec's first 100 days of operation, one of the things I mentioned was that the storage requirements for the system were extremely high. In the four months since, the...
1
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
100 Days of Malware
It's now been a little over 100 days since I started running malware samples in PANDA  and making the executions publicly available. In that time, we've analyzed 10,794 pieces of malware, which generated: 10,794 record/replay logs , representing 226,163,195...
It's now been a little over 100 days since I started running malware samples in PANDA and making the executions publicly available. In that time, we've analyzed 10,794 pieces of malware, which generated: 10,794 record/replay...
1
Brendan Dolan-Gavitt's profile photoBrian Railing's profile photo
3 comments
 
Can do.  There are still several months of writing ahead, so we can hope to revise the citation before it is turned in.
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
Replaying Regin in PANDA
Regin, a piece of state-sponsored malware that may have been used to attack telecoms and cryptographers, has recently come to light. There are several good writeups out there, and I encourage you to check them out. Getting access to samples in cases like th...
Regin, a piece of state-sponsored malware that may have been used to attack telecoms and cryptographers, has recently come to light. There are several good writeups out there, and I encourage you to check them out. Getting ac...
1
Add a comment...
Have him in circles
211 people
Long Lu's profile photo
Randy Crum's profile photo
Marco D'Angelo's profile photo
Huong Le's profile photo
Nolan Leung's profile photo
Lisa R. Coffelt's profile photo
Marshall Crumiller's profile photo
Ying Xiao's profile photo
James Fussell's profile photo

Brendan Dolan-Gavitt

Shared publicly  - 
 
The Mechanics of Bug Injection with LAVA
This is the second in a series of posts about evaluating and improving bug detection software by automatically injecting bugs into programs. Part one, which discussed the setting and motivation, is available here . Now that we understand why we might want t...
This is the second in a series of posts about evaluating and improving bug detection software by automatically injecting bugs into programs. Part one, which discussed the setting and motivation, is available here. Now that ...
1
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
PANDA Plugin Documentation
It's been a very long time coming, but over the holiday break I went through and created basic documentation for all 54 currently-available PANDA plugins. Each plugin now includes a manpage-style document named USAGE.md in its plugin directory. You can find...
It's been a very long time coming, but over the holiday break I went through and created basic documentation for all 54 currently-available PANDA plugins. Each plugin now includes a manpage-style document named USAGE.md in it...
1
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
(Sys)Call Me Maybe: Exploring Malware Syscalls with PANDA
System calls are of great interest to researchers studying malware, because they are the only way that malware can have any effect on the world – writing files to the hard drive, manipulating the registry, sending network packets, and so on all must be done...
System calls are of great interest to researchers studying malware, because they are the only way that malware can have any effect on the world – writing files to the hard drive, manipulating the registry, sending network pac...
1
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
PANDA VM Update April 2015
The PANDA virtual machine has been updated to the latest version of PANDA, which corresponds to commit ce866e1508719282b970da4d8a2222f29f959dcd . You can download it here: http://laredo-13.mit.edu/~brendan/pandavm-20150413.tar.bz2 Some notable changes: The ...
The PANDA virtual machine has been updated to the latest version of PANDA, which corresponds to commit ce866e1508719282b970da4d8a2222f29f959dcd. You can download it here: http://laredo-13.mit.edu/~brendan/pandavm-20150413.t...
1
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
Reproducible Malware Analyses for All
Summary : With help from GTISC , I have begun running 100 malware samples per day and posting the PANDA record & replay logs online at http://panda.gtisc.gatech.edu/malrec/ . The goal is to lower the barriers to entry for doing dynamic malware research, and...
Summary: With help from GTISC, I have begun running 100 malware samples per day and posting the PANDA record & replay logs online at http://panda.gtisc.gatech.edu/malrec/. The goal is to lower the barriers to entry for doing ...
1
1
Add a comment...

Brendan Dolan-Gavitt

Shared publicly  - 
 
PANDA VM Updated
By popular request, I've updated the PANDA VM to a more recent version of PANDA. Get it here: pandavm-20141005.tar.bz2 The version in the VM is based on Git revision  28787825aaf514da22e11650fdfca3ba82b9fc57 . Enjoy!
By popular request, I've updated the PANDA VM to a more recent version of PANDA. Get it here: pandavm-20141005.tar.bz2 The version in the VM is based on Git revision 28787825aaf514da22e11650fdfca3ba82b9fc57. Enjoy!
1
Add a comment...
People
Have him in circles
211 people
Long Lu's profile photo
Randy Crum's profile photo
Marco D'Angelo's profile photo
Huong Le's profile photo
Nolan Leung's profile photo
Lisa R. Coffelt's profile photo
Marshall Crumiller's profile photo
Ying Xiao's profile photo
James Fussell's profile photo
Work
Employment
  • Georgia Institute of Technology
    Research Assistant, 2008 - 2014
  • Microsoft Research
    Summer Intern, 2011 - present
  • MIT Lincoln Laboratory
    Summer Intern, 2010 - 2010
  • MIT Lincoln Laboratory
    Summer Intern, 2009 - 2009
  • MITRE
    Infosec Engineer, 2006 - 2008
  • Columbia University
    Postdoc, 2014 - 2015
  • New York University
    Assistant Professor, 2015 - present
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Previously
Florence, Italy - Atlanta, GA, USA - Boston, MA, USA - Knoxville, TN, USA - St Louis, MO, USA - Seattle, WA, USA - Middletown, CT, USA
Links
Other profiles
Contributor to
Story
Tagline
Hack the planet
Introduction
Congratulations! You've found the correct Brendan.
Education
  • Wesleyan University
    Math / Computer Science, 2002 - 2006
  • Georgia Institute of Technology
    Computer Science, 2008 - 2014
    PhD
Basic Information
Gender
Male
Other names
moyix