Tim Blazytko

Hi! I am a binary security researcher who explores the more formal aspects of program analysis. In my PhD research, I worked on novel methods for code deobfuscation, fuzzing and bug triaging. Nowadays, I co-founded a emproof, where we build code obfuscation schemes and binary hardening solutions tailored to embedded devices. Moreover, I give trainings on reverse engineering & code deobfuscation, analyze malware and perform security audits. From time to time, I publish new articles on my reverse engineering blog. You can also subscribe to its RSS feed.

You can contact me at tim@blazytko.to. Please use my PGP key for confidential requests. Feel also free to follow me on Twitter, Mastodon, GitHub, YouTube and LinkedIn.

Upcoming Trainings

Latest Blog Posts

• Identification of API Functions in Binaries
• Statistical Analysis to Detect Uncommon Code
• Practical MBA Deobfuscation with msynth
• Writing Disassemblers for VM-based Obfuscators
• Automated Detection of Obfuscated Code
• Automation in Reverse Engineering: String Decryption
• Introduction to Control-flow Graph Analysis
• Automated Detection of Control-flow Flattening

Research Interests

• static and dynamic program analysis
• software obfuscation and deobfuscation
• fuzzing and bug triaging

Talks & Workshops (selection)

• Unveiling Malicious Behavior in Unknown Binaries.
  Swiss Cyber Storm 2023, Berne
  slides recording

• Unveiling Secrets in Binaries using Code Detection Strategies
  REcon 2023, Montreal
  slides recording code

• Evolution Of Learning: What Cyber Security Training Looks Like In 2023 (Panel Discussion)
  HITBSecConf2023, Amsterdam
  recording

• The Next Generation of Virtualization-based Obfuscators (Updated Version)
  HITBSecConf2023, Amsterdam
  slides recording

• The Next Generation of Virtualization-based Obfuscators
  REcon 2022, Montreal
  slides recording

• Workshop: Analysis of Virtualization-based Obfuscation
  r2con2021, Remote
  slides recording code

• Workshop: Semi-automatic Code Deobfuscation
  HITBSecConf2021 Amsterdam, Remote
  slides code

• Workshop: Semi-automatic Code Deobfuscation
  r2con2020, Remote
  slides recording code

• Aurora: Statistical Crash Analysis for Automated Root Cause Explanation
  USENIX Security Symposium 2020 (USENIX Security 2020), Remote
  slides recording paper code

• Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis
  Black Hat Asia 2018, Singapore
  slides recording

• Breaking State-of-the-Art Binary Code Obfuscation
  REcon 2018, Brussels
  slides

• Let's break modern binary code obfuscation
  34th Chaos Communication Congress (34C3), Leipzig
  slides recording

• Syntia: Synthesizing the Semantics of Obfuscated Code
  USENIX Security Symposium 2017 (USENIX Security 2017), Vancouver
  slides recording paper code

• Introduction to Program Synthesis
  secUnity Winter School on Binary Analysis 2017, Bochum
  slides

• Constraint Solving for Reverse Engineers
  secUnity Winter School on Binary Analysis 2017, Bochum
  slides

Publications

• Jit-Picking: Differential Fuzzing of JavaScript Engines
  ACM Conference on Computer and Communications Security 2022 (CCS 2022)
  Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, Thorsten Holz.
  paper code

• Exorcist: Automated Differential Analysis to Detect Compromises in Closed-Source Software Supply Chains
  ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses 2022 (SCORED'22)
  Frederick Barr-Smith, Tim Blazytko, Richard Baker, Ivan Martinovic.
  paper

• Loki: Hardening Code Obfuscation Against Automated Attacks
  USENIX Security Symposium 2022 (USENIX Security 2022)
  Moritz Schloegel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz, Ali Abbasi.
  paper slides recording

• Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
  European Symposium on Research in Computer Security (ESORICS 2021)
  Moritz Schloegel, Tim Blazytko, Julius Basler, Fabian Hemmer, Thorsten Holz.
  paper code

• Reasoning about Software Security via Synthesized Behavioral Substitutes
  Doctoral Thesis (2020)
  Tim Blazytko.
  pdf

• Aurora: Statistical Crash Analysis for Automated Root Cause Explanation
  USENIX Security Symposium 2019 (USENIX Security 2020)
  Tim Blazytko, Moritz Schloegel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Woerner, Thorsten Holz.
  paper slides recording code

• Grimoire: Synthesizing Structure while Fuzzing
  USENIX Security Symposium 2019 (USENIX Security 2019)
  Tim Blazytko, Cornelius Aschermann, Moritz Schloegel, Ali Abbasi, Sergej Schumilo, Simon Woerner, Thorsten Holz.
  paper slides recording code

• Redqueen: Fuzzing with Input-to-State Correspondence
  Network and Distributed System Security Symposium (NDSS 2019)
  Cornelis Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz.
  paper slides recording code

• Towards Automated Generation of Exploitation Primitives for Web Browsers
  Annual Computer Security Applications Conference (ACSAC 2018)
  Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz.
  paper

• Syntia: Synthesizing the Semantics of Obfuscated Code
  USENIX Security Symposium 2017 (USENIX Security 2017)
  Tim Blazytko, Moritz Contag, Cornelius Aschermann, Thorsten Holz.
  paper slides recording code

• Towards Automated Discovery of Crash-Resistant Primitives in Binaries
  IEEE/IFIP International Conference on Dependable Systems and Networks 2017 (DSN 2017)
  Benjamin Kollenda, Enes Goktas, Tim Blazytko, Philipp Koppe, Robert Gawlik, R.K. Konoth, Cristiano Giuffrida, Herbert Bos, Thorsten Holz.
  paper

• Static Data Flow Analysis and Constraint Solving to Craft Inputs for Binary Programs
  M.Sc. Thesis (2015)
  Tim Blazytko.
  pdf

Past Trainings (Selection)

• Reverse Engineering: Binary Program Analysis [Ringzer0 Training], 2024-02-10
• Software Deobfuscation Techniques [Hexacon], 2023-10-09
• Software Deobfuscation Techniques [REcon Montreal], 2023-06-05
• Software Deobfuscation Techniques [NorthSec 2023], 2023–05-23
• Software Deobfuscation Techniques [HITB CYBERWEEK 2022], 2022-11-07
• Software Deobfuscation Techniques [REcon Montreal], 2022-05-30
• Software Deobfuscation Techniques [HITB+ Amsterdam 2022], 2022-05-09
• Software Deobfuscation Techniques [HITB+ CYBERWEEK 2021], 2021-11-21
• Software Deobfuscation Techniques [HITB2021SIN], 2021-08-23
• Software Deobfuscation Techniques [HITB], 2021-04-16
• Software Deobfuscation Techniques [HITB+ CYBERWEEK 2020], 2020-11-27

Program Committee Member

• Transactions on Software Engineering and Methodology (TOSEM): 2023
• Transactions on Dependable and Secure Computing (TDSC): 2023
• CheckMATE: 2022 (Program Chair)
• Transactions on Dependable and Secure Computing (TDSC): 2022
• CheckMATE: 2021
• RuhrSec: 2020

legal