Brendan Dolan-Gavitt
199 followers
Hack the planet

A couple ideas that went nowhere
I suspect a lot of people in academia end up having a lot of ideas and projects that went nowhere for any number of reasons – maybe there were insurmountable technical challenges, maybe the right person to work on it never materialized, or maybe it just got...

Of Bugs and Baselines
A New Record The LAVA synthetic bug corpora have been available now for about a year and a half. I've been really excited to see new bug-finding approaches (particularly fuzzers) use the LAVA-M dataset as a benchmark, and to watch as performance on that dat...
moyix.blogspot.com

NYC Area Security Folks – Come to SOS!
Every year the NYU School of Engineering hosts Cyber Security Awareness Week (CSAW) – the largest student-run security event in the country. This year, we're trying something new that combines two of my favorite things: security and open source. The inaugu...

The LAVA Synthetic Bug Corpora
I'm planning a longer post discussing how we evaluated the LAVA bug injection system, but since we've gotten approval to release the test corpora I wanted to make them available right away. The corpora described in the paper, LAVA-1 and LAVA-M, can be downl...

Fuzzing with AFL is an Art
Using one of the test cases from the previous post, I examine what affects AFL's ability to find a bug placed by LAVA in a program. Along the way, I found what's probably a harmless bug in AFL, and some interesting factors that affect its performance. Alth...

The Mechanics of Bug Injection with LAVA
This is the second in a series of posts about evaluating and improving bug detection software by automatically injecting bugs into programs. Part one, which discussed the setting and motivation, is available here. Now that we understand why we might want t...

How to add a million bugs to a program (and why you might want to)
In this series of posts, I'm going to describe how to automatically put bugs in programs, a topic on which we just published a paper at Oakland, one of the top academic security conferences. The system we developed, LAVA, can put millions of bugs into real...

PANDA Plugin Documentation
It's been a very long time coming, but over the holiday break I went through and created basic documentation for all 54 currently-available PANDA plugins. Each plugin now includes a manpage-style document named USAGE.md in its plugin directory. You can find...

PANDA VM Update October 2015
The PANDA Virtual machine has once again been updated, and you can download it from: http://laredo-13.mit.edu/~brendan/pandavm-20151002.ova Notable changes: We fixed a record/replay bug that was preventing Debian Wheezy and above from replaying properly. Th...

(Sys)Call Me Maybe: Exploring Malware Syscalls with PANDA
System calls are of great interest to researchers studying malware, because they are the only way that malware can have any effect on the world – writing files to the hard drive, manipulating the registry, sending network packets, and so on all must be done...