I am a member of the Technical Staff at MIT Lincoln Laboratory in the Cyber System Assessments Group where I research the intersection of dynamic program analysis, firmware security, and vulnerability discovery. In particular, I am interested in rehosting firmware into virtual environments where it will run correctly while also being closely analyzed and monitored. Towards this end, I have contributed to the development of a number of open source tools. I’ve also developed courses focused on dynamic program analysis, whole system dynamic analysis, and firmware security which I’ve taught at various universities and companies both in the US and abroad. I am a proud alumnus of Northeastern University, where I earned my PhD in Computer Science, and Rensselaer Polytechnic Institute, where I earned a BS in Computer Science and was an active member of RPISEC.

All my publications are available as open access, at . Training materials can be shared upon request, and I am always happy to discuss my research and teaching.

🔥 News

• 2024.08: Spoke at DEF CON for the first time
• 2022.11: Ran my first international training course in Munich, Germany
• 2022.01: Created and taught CS 4910 "Dynamic Program Analysis for System Security " at Northeastern University
• 2021.06: Presented our paper PyPANDA: taming the PANDAmonium of whole system dynamic analysis at NDSS BAR 2021
• 2021.05: Presented our SoK paper Enabling security analyses of embedded systems via rehosting at AsiaCCS 2021
• 2017.07: Led the Lab RATs to a 10th place finish in DEF CON CTF CTF finals. News coverage
• 2016.12: Discovered 10 CVEs in a McAfee antivirus product. News coverage

🧑‍💻 Open Source Projects

• System Call Injection with HyDE: New tools for dynamic analysis of virtualized guest systems using system call injection to be released with ACSAC 2024 publication
• PANDA.re: A whole-system dynamic analysis platform for reverse engineering and software understanding. Fork of the QEMU codebase with significant modifications to enable record/replay, a plugin architecture, and Python based analyses. GitHub Repository. Project Website
• LAVA: An automated framework for injecting vulnerabilities into software to evaluate bug-finding systems. LAVA uses PANDA’s whole-system dynamic taint analysis to identify how input data flow through a program and uses this information to propose and evaluate patches to soruce code to add vulnerabilities. GitHub Repository (No longer maintained)
• Rode0day: A vulnerability discovery competition powered by LAVA where users compete to find new bugs each month. Unlike prior self-evaluations, Rode0day competitiors had no knowledge of where the bugs were until we released the solutions after each competition ended. Project website (No longer maintained)
• Firmware Rehosting: New tools for automated firmware rehosting and dynamic analysis of firmware to be released late 2024

📝 Academic Publications

• Hypervisor Dissociative Execution: Programming Guests for Monitoring, Management, and Security. Andrew Fasano, Zak Estrada, Timothy Leek, William Robertson. ACSAC 2024. (Preprint coming soon).

• Homo in Machina: Improving Fuzz Testing Coverage via Compartment Analysis. Josh Bundt, Andrew Fasano, Brendan Dolan-Gavitt, William Robertson, Timothy Leek. ACM AsiaCCS 2021. View pdf

• PyPANDA: Taming the PANDAmonium of Whole System Dynamic Analysis. Luke Craig, Andrew Fasano, Tiemoko Ballo, Timothy Leek, Brendan Dolan-Gavitt, William Robertson. NDSS BAR 2021. View pdf

• Evaluating Synthetic bugs. Josh Bundt, Andrew Fasano, Brendan Dolan-Gavitt, William Robertson, Timothy Leek. ACM AsiaCCS 2021. View pdf

• SoK: Enabling Security Analyses of Embedded Systems via Rehosting. Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Bulekov, Brendan Dolan-Gavitt, Manuel Egele, Aurelien Francillon, Long Lu, Nick Gregory, Davide Balzarotti, William Robertson. ACM AsisaCCS 2021. View pdf

• The Rode0day to Less Buggy Programs. Andrew Fasano, Tim Leek, Brendan Dolan-Gavitt, Josh Bundt. IEEE Security and Privacy Magazine 2019. View pdf

💬 Invited Talks

• 2024.08, DEFCON AIxCC: “A Reverse Engineer’s Guide to Mechanistic Interpretability” Video and slides.
• 2023.10, NYU Hack Night: “The Trials, Tribulations, and Triumphs of Whole System Dynamic Analysis: Lessons from a Decade in the Trenches”
• 2019.10, AvengerCon: “The LAVA has Hardened! Building a Better Bug Corpora to Evaluate Bug-Finders”
• 2019.08, USENIX WOOT: “Rode0day: A Year of Bug-Finding Evaluations”
• 2018.08, USENIX WOOT: “Rode0day: Searching for Truth with a Bug-Finding Competition”
• 2018.10, MIT Techsec: “Intro to Web Exploitation”

🎖 Honors and Awards

• 2020.09 R&D100 Award: LAVA was awarded an R&D100 award for its impact advancing the state of the art in vulnerability discovery.
• 2019.09 MIT Lincoln Scholar Award: Selected to receive special funding through a competitive process to pursue my research on firmware rehosting.
• 2017.06 MIT Lincoln Laboratory Team Award: One of my projects was award a Team Award for outstanding technical achievement.