Table of Contents

Homepage of Julien Vanegue

Hello and welcome to my page.

I am a computer enthusiast with particular interests in software security, reverse engineering, cryptographic protocols, semantics of programming languages and program analysis.

In the past, I have done my public service and started some initiatives in the security community. One such initiative, the ERESI project, aims at providing a state-of-the-art open source reverse engineering framework to share and experiment freely.

I intend to keep track of my public work on this page, which I failed to do for years due to my general indolence unhelped by a mild twitter addiction (@jvanegue).

Talks, Presentations and Opinions

Bi-Abductive Adversarial Program Synthesis
Invited talk at POPL 2024 O'Hearn's fest in honor of Peter O'Hearn's 60th birthday

In Memory Safety, The Soundness Of Attacks Is What Matters
Position Statement

The Automated Exploit Grand Challenge : A Five-Year retrospective
Invited talk, IEEE Symposium on Security and Privacy LangSec Workshop 2018

Heap Models For Exploit Systems
Work-in-progress talk, IEEE Symposium on Security and Privacy LangSec Workshop 2015

Are Reverse Engineering and Exploit Writing an Art or a Science?
with Dion Blazakis, Sergey Bratus, Dan Caselden, Brandon Edwards, Travis Goodspeed, Pete Markowsky, Meredith Patterson and Chris Rohlf
Panel at the NYU / DoD CSAW THREADS conference 2013

The Automated Exploitation Grand Challenge
Presented at the H2HC conference 2013

Modern static security checking of C/C++ programs
by Julien Vanegue and Shuvendu K. Lahiri
Presented at the Infiltrate security conference 2012

Selected papers

These are some of my published articles:

A General Approach to Under-Approximate Reasoning About Concurrent Programs
by Azalea Raad, Julien Vanegue, Josh Berdine and Peter O'Hearn
Published at the International Conference on Concurrency Theory 2023 (CONCUR'23, Antwerp, BE)
Extended version (with soundness proof) here

Adversarial Logic
Published at the International Static Analysis Symposium 2022 (SAS'22, Auckland, NZ)

The Weird Machines in Proof-Carrying Code
Published at the IEEE Symposium on Security and Privacy LangSec Workshop 2014

Towards practical reactive security audit using extended static checkers
by Julien Vanegue and Shuvendu K. Lahiri
Published at the IEEE Symposium on Security and Privacy (Oakland'13)

SMT Solvers for software security
by Julien Vanegue, Sean Heelan and Rolf Rolles
Published at the Usenix Security Workshop on Offensive Technologies (WOOT'12)

Intramodular displacement randomization
by Matt Miller, Ken Johnson, Nitin K. Goel and Julien Vanegue
Defensive publication published on IP.COM, September 2011

ExplainHoudini: making Houdini inference transparent
by Shuvendu K. Lahiri and Julien Vanegue
Published at the Verification, Model Checking and Abstract Interpretation conference (VMCAI'11)

Towards scalable modular checking of user-defined properties
by Thomas Ball, Brian Hackett, Shuvendu K. Lahiri, Shaz Qadeer and Julien Vanegue
Published at the Verified Software: Theories, Tools and Experiments (VSTTE'10)

Zero allocation vulnerabilities
Published at the Usenix Security Workshop on Offensive Technologies (WOOT'10)

Notes from conferences

Report on KLEE workshop
by Julien Vanegue and Peter Martin
The First International KLEE workshop on Symbolic Execution (Imperial College, London, UK, April 2018)

Report on the Quantum Computer Cybersecurity Symposium
by Julien Vanegue and Julio Auto
The First Quantum Computer Cybersecurity Symposium (Yale University, New Haven, USA, November 2023)

Older papers

Here is a selection of my older articles, sometimes riddled with errors and broken english:

Hacking PXE without reboot: using the BIOS network stack for other purposes
Published at the Buenos Aires security conference (BACON'08)

Static analysis with a domain-specific language
Presented at the Ekoparty conference 2008

Next generation debuggers for reverse engineering
by Julien Vanegue, Thomas Garnier, Julio Auto, Sebastien Roy and Rafal Lesniak
Published at the Blackhat Europe Briefings 2007

Automated vulnerability auditing in machine code
Published in Phrack Magazine #64, July 2007

Embedded ELF debugging
Published in Phrack Magazine #63, July 2005

The Cerberus ELF interface
Published in Phrack Magazine #61, August 2003

Bypassing PaX ASLR protection
Published in Phrack Magazine #59, July 2002

IA32 Advanced function hooking
Published in Phrack Magazine #58, December 2001

French papers

I authored the following articles in French language:

ERESI: une plate-forme d'analyse binaire au niveau noyau
by Anthony Desnos, Sebastien Roy and Julien Vanegue
Published in the proceedings of the SSTIC conference 2008

Reverse engineering des systemes ELF/INTEL
by Julien Vanegue and Sebastien Roy
Published in the proceedings of the SSTIC conference 2003

Redirection de l'information sur le format ELF
Published in the proceedings of the WSTI conference 2003





Thanks to Solar Designer and the Openwall project for hosting this page.