Hello and welcome to my page.
I am a computer enthusiast with particular interests in software security, reverse engineering, cryptographic protocols, semantics of programming languages and program analysis.
In the past, I have done my public service and started some initiatives in the security community. One such initiative, the ERESI project, aims at providing a state-of-the-art open source reverse engineering framework to share and experiment freely.
I intend to keep track of my public work on this page, which I failed to do for years due to my general indolence unhelped by a mild twitter addiction (@jvanegue).
Bi-Abductive Adversarial Program Synthesis
Invited talk at POPL 2024 O'Hearn's fest in honor of Peter O'Hearn's 60th birthday
In Memory Safety, The Soundness Of Attacks Is What Matters
Position Statement
The Automated Exploit Grand Challenge : A Five-Year retrospective
Invited talk, IEEE Symposium on Security and Privacy LangSec Workshop 2018
Heap Models For Exploit Systems
Work-in-progress talk, IEEE Symposium on Security and Privacy LangSec Workshop 2015
Are Reverse Engineering and Exploit Writing an Art or a Science?
with Dion Blazakis, Sergey Bratus, Dan Caselden, Brandon Edwards, Travis Goodspeed, Pete Markowsky, Meredith Patterson and Chris Rohlf
Panel at the NYU / DoD CSAW THREADS conference 2013
The Automated Exploitation Grand Challenge
Presented at the H2HC conference 2013
Modern static security checking of C/C++ programs
by Julien Vanegue and Shuvendu K. Lahiri
Presented at the Infiltrate security conference 2012
These are some of my published articles:
Non-Termination Proving At Scale
by Azalea Raad, Julien Vanegue and Peter O'Hearn
Published at the Object-oriented Programming, Systems, Languages, and Applications (OOPSLA'24, Pasadena, CA, USA)
A General Approach to Under-Approximate Reasoning About Concurrent Programs
by Azalea Raad, Julien Vanegue, Josh Berdine and Peter O'Hearn
Published at the International Conference on Concurrency Theory 2023 (CONCUR'23, Antwerp, BE)
Extended version (with soundness proof) here
Adversarial Logic
Published at the International Static Analysis Symposium 2022 (SAS'22, Auckland, NZ)
The Weird Machines in Proof-Carrying Code
Published at the IEEE Symposium on Security and Privacy LangSec Workshop 2014
Towards practical reactive security audit using extended static checkers
by Julien Vanegue and Shuvendu K. Lahiri
Published at the IEEE Symposium on Security and Privacy (Oakland'13)
SMT Solvers for software security
by Julien Vanegue, Sean Heelan and Rolf Rolles
Published at the Usenix Security Workshop on Offensive Technologies (WOOT'12)
Intramodular displacement randomization
by Matt Miller, Ken Johnson, Nitin K. Goel and Julien Vanegue
Defensive publication published on IP.COM, September 2011
ExplainHoudini: making Houdini inference transparent
by Shuvendu K. Lahiri and Julien Vanegue
Published at the Verification, Model Checking and Abstract Interpretation conference (VMCAI'11)
Towards scalable modular checking of user-defined properties
by Thomas Ball, Brian Hackett, Shuvendu K. Lahiri, Shaz Qadeer and Julien Vanegue
Published at the Verified Software: Theories, Tools and Experiments (VSTTE'10)
Zero allocation vulnerabilities
Published at the Usenix Security Workshop on Offensive Technologies (WOOT'10)
Report on KLEE workshop
by Julien Vanegue and Peter Martin
The First International KLEE workshop on Symbolic Execution (Imperial College, London, UK, April 2018)
Report on the Quantum Computer Cybersecurity Symposium
by Julien Vanegue and Julio Auto
The First Quantum Computer Cybersecurity Symposium (Yale University, New Haven, USA, November 2023)
Here is a selection of my older articles, sometimes riddled with errors and broken english:
Hacking PXE without reboot: using the BIOS network stack for other purposes
Published at the Buenos Aires security conference (BACON'08)
Static analysis with a domain-specific language
Presented at the Ekoparty conference 2008
Next generation debuggers for reverse engineering
by Julien Vanegue, Thomas Garnier, Julio Auto, Sebastien Roy and Rafal Lesniak
Published at the Blackhat Europe Briefings 2007
Automated vulnerability auditing in machine code
Published in Phrack Magazine #64, July 2007
Embedded ELF debugging
Published in Phrack Magazine #63, July 2005
The Cerberus ELF interface
Published in Phrack Magazine #61, August 2003
Bypassing PaX ASLR protection
Published in Phrack Magazine #59, July 2002
IA32 Advanced function hooking
Published in Phrack Magazine #58, December 2001
I authored the following articles in French language:
ERESI: une plate-forme d'analyse binaire au niveau noyau
by Anthony Desnos, Sebastien Roy and Julien Vanegue
Published in the proceedings of the SSTIC conference 2008
Reverse engineering des systemes ELF/INTEL
by Julien Vanegue and Sebastien Roy
Published in the proceedings of the SSTIC conference 2003
Redirection de l'information sur le format ELF
Published in the proceedings of the WSTI conference 2003
Thanks to Solar Designer and the Openwall project for hosting this page.