Research Projects
-
RaceFuzz: Kernel Race Condition Fuzzer
Developing a fuzzer targeting concurrency vulnerabilities in Linux kernel subsystems, uncovering race conditions through pattern-driven mutation and timing analysis.
-
Pastebin Data Leak Analysis
Analyzing publicly accessible paste sites to identify and categorize leaked sensitive information, exploring the ethical and technical dimensions of data exposure on open platforms.
-
LLM-Based CTF Solver
Building an autonomous system that uses large language models to solve Capture the Flag challenges, exploring orchestration strategies and model performance across challenge categories.
-
AI Privacy Exploitation in IoT
Investigating adversarial attack surfaces in AI-driven IoT systems, focusing on lateral agent manipulation and unauthorized tool invocation in multi-agent frameworks.
-
Secure ADS-B Framework
Examining vulnerabilities and defensive strategies for the protocol underpinning modern aircraft tracking.
-
ROS2 and RTOS Security
Auditing the security of the Robot Operating System 2 (ROS2) and its bridge to ROS1, replicating known attacks and probing unexplored vulnerability surfaces.
-
PUF-Based Authentication Protocol
Exploring lightweight, hardware-derived identity mechanisms for resource-constrained IoT devices.
-
CTFGuard: Evolving CTFs for AI Resistance
Profiling CTF challenges to understand what makes them solvable by AI, then developing hardening strategies to preserve their integrity against LLM-based solvers.
-
Router Hacking
Explored firmware-level vulnerabilities in consumer routers, extracting, analyzing, and subverting device behavior to understand how embedded systems can be compromised and secured.
-
LLM Package Hallucination
Investigated the tendency of large language models to hallucinate non-existent software packages in generated code. We built detection tooling to identify and catalog hallucinated dependencies across popular LLMs, and developed a comparative framework to benchmark hallucination rates and patterns.
-
Side Channel Attacks
Leveraged the ESP32C6 microcontroller to capture physical emanations from computing devices, including power, electromagnetic, and timing signals. Collected data was transmitted remotely for analysis, demonstrating real-world side-channel attack surfaces.
-
Linux Authentication with ZKP
Redesigned Linux authentication using Zero-Knowledge Proofs. An external USB device participated in an interactive ZKP protocol so that no password information was ever transmitted, preventing keylogging and man-in-the-middle attacks. The scheme was also designed to be compatible with biometric authentication devices.
-
Disassembler
Built a disassembler from scratch to understand the translation from machine code to assembly. Rather than relying on existing tools like IDA or Ghidra, the project tackled the fundamentals of binary analysis and instruction decoding as a foundation for more advanced reverse engineering work.
-
Honeypot
Deployed a low-interaction honeypot that mimicked common services to attract and capture botnet malware samples. Collected payloads were analyzed to identify attack patterns, threat actor behaviors, and malware families actively targeting exposed infrastructure.
-
MITRE eCTF 2025
NYUSEC competed in the MITRE Embedded CTF (eCTF) 2025, securing a satellite TV system against adversarial teams. The design phase solution used ChaCha20-Poly1305 encryption with a monotonic counter and randomized timing to resist replay and side-channel attacks. In the attack phase, the team exploited weak cryptographic implementations and authentication flaws in competing teams' designs.