This page summarizes some of the projects my students and I are currently working on or have worked on. All of our work is free software, so patches and comments are appreciated.
PwIN is a collection of attacks against the de facto standard Dynamic Binary Instrumentation engine Intel PIN. Specifically, we show that malicious programs can evade instrumentation hooks and break out of the PIN VM, and that otherwise hard-to-exploit bugs become easy to exploit because of the way PIN's JIT engine operates.
Wiedergaenger is an attack against glibc-based software systems on Linux that demonstrates how specific out-of-bounds array accesses can be escalated to full code execution while bypassing ASLR using a constant payload.
The demovfuscator is a deobfuscator for binaries that were compiled using Christopher Domas' famous M/o/Vfuscator. The current release is able to reconstruct the CFG of the original program and partially replaces the mov instructions with their equivalent high-level ASM opcodes. Note that the demovfuscator is work-in-progress software, i.e. patches and comments are very welcome!
TCP_Stealth is an RFC draft and an extension for the Linux kernel providing a modern version of port knocking for TCP sockets. Unlike other approaches, TCP_Stealth is safe against active MitM attacks, is able to ensure the integrity of the first TCP segment sent after the handshake, and requires only minimal changes to existing applications (setsockopt).