Active Projects

| # | Lead | Title | GitHub |
|---|------|-------|--------|
| 1 | anastasist | Command-line argument fuzzing with Helios | Helios |
| 2 | pavlosdais | TGEA: Transfer Guided Evolutionary Search for Query Efficient Black Box Adversarial Attacks | TGEA |
| 3 | stavros-mhs | Automatic Homework Solving with Ginny | Ginny |
| 4 | mikeRaphK | PAUL: Patch Automation Using LLMs | PAUL |
| 5 | piroar | Gamification of Learning | Ghost in the C |
| 6 | George-RG | Towards More Scalable Firmware Emulation | FEMU |
| 7 | VrailasDimitrios | Towards Automatic Verification of Static Analysis Findings | AI Shield |

Completed Projects

| Date | Author | Thesis | GitHub |
|------|--------|--------|--------|
| July 2025 | myrtopar | Pivot: Automatic Blackbox Exploit Generation for Stack-Based Buffer Overflows | Pivot |
| July 2025 | DPorichis | RePort: Automatically Mapping the Attack Surface of IoT Systems | RePort |
| July 2025 | kchousos | OverHAuL: Harness Automation with LLMs | OverHAUL |

Ideas - Bring your Own!

  1. Develop a container runtime that works in a browser. Imagine being able to run Docker containers inside Chrome/Firefox/Edge. How cool would that be? Imagine something like this but for containers.

  2. Spin-off of the above: get fuzzing working in browsers for standard applications.

  3. Neuro-symbolic tools. I am extremely interested in developing new capabilities by combining symbolic tools with new developments in AI/LLMs. Examples:
    • A neuro-symbolic triager engine.
    • A neuro-symbolic exploit generation engine.
    • A neuro-symbolic software development engine.
    • A neuro-symbolic patching engine.
    • An interactive neuro-symbolic reversing engine.
    • A neuro-symbolic forensics engine.
    • A neuro-symbolic autograder.
    • A neuro-symbolic autoharnessing engine.
    • Neuro-symbolic decompilation.
    • Beautify any piece of code.
    • Break CAPTCHAs with LLMs.
    • UI fuzzing engine.
    • Pwntools langchain tool.
    • Combination with https://github.com/binpash/try
    • Improvement over https://github.com/diiq/frontend-fuzzer
    • Improvement over https://github.com/APTRS/APTRS
    • Program equivalence
    • SMT-LIB solving
    • Automatic input classification
    • Automatic SMT-LIB formula rewriting
    • Container engine (local, remote, or k8s)
    • GitHub PR suggestion tool
    • Evaluating autocorrection strategies
    • Building a malleable user interface that evolves based on user preferences.

  4. Automatic generation of OpenAPI 3 specifications for RESTful APIs.

  5. Building the best ROP compiler out there.

  6. Build fuzzing-enabled packages (libc, etc.).

  7. Gamification of learning.

  8. Automatically repair defects in a project like FreeImage.

  9. Automatically reimplement libraries like FreeImage (better than https://rjp.io/blog/2025-06-17-unreasonable-effectiveness-of-fuzzing).

  10. Binary-only command line fuzzer.

  11. Auto-dockerize applications.

  12. Auto-dockerize IoT applications.

  13. Auto-fuzz rehosted firmware.

  14. Efficient CGI fuzzer.

  15. Automatically mapping the attack surface of a system.

  16. Helm chart for quickly deploying an LLM-powered API on Kubernetes.

  17. Transparent Heap Visualizer.

  18. Automatic exploitability assessment.

  19. Automatically generate a chess-playing engine.

  20. Automatic build instruction validator.

  21. Generic APM.

  22. Document auto-formatter.

  23. Automatic knowledge impact and clustering.

  24. Emscripten port of clang/gcc - fully runnable in the browser.

  25. More of a project than a thesis: auto CSS upgrader. Load a remote website and make it look good :)

  26. Improved benchmarking for ML projects performing vulnerability discovery.

  27. Sourcemap retrieval + remote SBOM + host surface.

  28. Time-based CTF + Merkle trees / hash-chains.

  29. Automatic IDOR detection.

  30. Use online source information (e.g., VirusTotal) to infer versions of binaries.
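Item 28 pairs a time-based CTF with Merkle trees / hash chains. As an added illustration (not code from this page or from any of the listed projects), the Python below shows one way to read that idea: the organiser commits to every time slot's flag key up front by publishing only the anchor of a SHA-256 hash chain, then reveals one preimage per slot, and players verify each release against the previous one. The 1-based slot numbering, the HMAC flag derivation and the `CTF{...}` flag format are assumptions made for the example.

```python
"""Hash-chain commitment for a time-based CTF (added illustration).

The organiser generates a chain k_0 -> k_1 = H(k_0) -> ... -> k_n and
publishes only the anchor k_n before the event. At slot i (1..n) it reveals
k_{n-i}; players check H(k_{n-i}) == the previously accepted key. Preimage
resistance of SHA-256 means nobody can derive a future slot's key from the
keys released so far, and the anchor fixes every flag in advance, so the
organiser cannot quietly swap flags after the event has started.
"""
import hashlib
import hmac
import secrets
from typing import List, Optional


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(n_slots: int, seed: Optional[bytes] = None) -> List[bytes]:
    """Return [k_0, ..., k_n]; the last element k_n is the public anchor.

    `seed` exists only so tests are reproducible; a real event must use a
    fresh secret from secrets.token_bytes(32) and keep k_0..k_{n-1} private.
    """
    keys = [seed if seed is not None else secrets.token_bytes(32)]
    for _ in range(n_slots):
        keys.append(H(keys[-1]))
    return keys


def slot_key(keys: List[bytes], slot: int) -> bytes:
    """Key the organiser reveals at time slot `slot` (1-based): k_{n-slot}."""
    n = len(keys) - 1
    if not 1 <= slot <= n:
        raise ValueError("slot out of range")
    return keys[n - slot]


def flag_for(key: bytes, challenge_id: str) -> str:
    """Derive one challenge's flag from the slot key.

    HMAC keyed with the slot key binds the flag to both the slot and the
    challenge name; the CTF{...} format is an assumed convention.
    """
    tag = hmac.new(key, challenge_id.encode(), hashlib.sha256).hexdigest()[:24]
    return f"CTF{{{tag}}}"


class PlayerVerifier:
    """Player-side state: the last key accepted, starting from the anchor."""

    def __init__(self, anchor: bytes):
        self.latest = anchor
        self.slot = 0

    def accept(self, released: bytes) -> bool:
        """Accept `released` only if it hashes to the last accepted key.

        A skipped slot, a stale key or a forged value all fail this check,
        so players can detect an organiser releasing out of order.
        """
        if not hmac.compare_digest(H(released), self.latest):
            return False
        self.latest = released
        self.slot += 1
        return True


if __name__ == "__main__":
    # Constructed demo: a three-slot event with fresh random seed.
    chain = build_chain(3)
    player = PlayerVerifier(anchor=chain[-1])
    for slot in (1, 2, 3):
        key = slot_key(chain, slot)
        print(slot, player.accept(key), flag_for(key, f"chal-{slot}"))
```

The chain gives strict ordering at the cost of sequential release: a player who missed slot 2 cannot verify slot 3 until they fetch the slot-2 key. A Merkle tree over the per-slot keys is the random-access alternative the item also mentions: commit to the root, then reveal each key with its O(log n) sibling path, so any slot verifies independently. Neither structure proves when a key was released; that still relies on the organiser's clock or an external timestamping service.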