Active Projects

| # | Lead | Title | GitHub |
|---|------|-------|--------|
| 1 | anastasist | Command-line argument fuzzing with Helios | Helios |
| 2 | pavlosdais | TGEA: Transfer Guided Evolutionary Search for Query Efficient Black Box Adversarial Attacks | TGEA |
| 3 | stavros-mhs | Automatic Homework Solving with Ginny | Ginny |
| 4 | mikeRaphK | PAUL: Patch Automation Using LLMs | PAUL |
| 5 | piroar | Gamification of Learning | Ghost in the C |
| 6 | George-RG | Towards More Scalable Firmware Emulation | FEMU |
| 7 | VrailasDimitrios | Towards Automatic Verification of Static Analysis Findings | AI Shield |

Thesis Requirements

You’re thinking about doing a thesis and not sure what to expect? Read on!

First, are you sure you want to do a thesis? Why not an internship? During an internship you get to interact with the industry, and by the end of it you’ll probably have a job offer in hand.

Thinking about doing a thesis AND an internship? Why do many things at once? Isn’t it better to focus on one?

Alright, if you made it this far, you’re seriously thinking about doing a thesis and nothing can stop you. Or maybe the workload will :) Below are some general guidelines about completing a thesis with me:

  1. Project: we strive to select topics where novel research work can be done. You will be exposed to all aspects of doing research in today’s environment. Research means “never been done before”, so if you struggle with open-ended tasks please think again. What kind of topic will you work on? This is typically something we work on together as time passes (we can’t know where the research will take us ahead of time!).
  2. Reading/Background: be prepared to read tens of research papers.
  3. Presentation: you will have to deliver three (30min) presentations and a defense presentation: (a) a background talk where you present state-of-the-art papers in your research area, (b) an architecture talk where you present the details of the prototype system you are developing and (c) a presentation on experimental results. Your thesis talk will encompass elements from previous presentations. All presentations should assume the audience has a basic CS background. You’ll probably get lots of questions - be prepared to answer them!
  4. Participation: you will be expected to attend weekly research meetings where we give updates on our research projects. I will become available as needed for 1-on-1 sessions to plan and discuss.
  5. Time: no one (so far) has managed to complete it in less than 6 months. Come and talk to me ~1 year before you want to graduate. You will need at least: 1 month for background reading, 3 months for implementation, 1-2 months for experimentation, 1 month for writing. Please submit your thesis no later than June 30 (I will not accept submissions in July-August).

After all that, you’re still thinking about a thesis? You know where to find me ;)

Completed Projects

| Date | Author | Thesis | GitHub |
|------|--------|--------|--------|
| July 2025 | myrtopar | Pivot: Automatic Blackbox Exploit Generation for Stack-Based Buffer Overflows | Pivot |
| July 2025 | DPorichis | RePort: Automatically Mapping the Attack Surface of IoT Systems | RePort |
| July 2025 | kchousos | OverHAuL: Harness Automation with LLMs | OverHAUL |

Ideas - Bring your Own!

  1. Develop a container runtime that works in a browser. Imagine being able to run Docker containers inside Chrome/Firefox/Edge. How cool would that be? Imagine something like this, but for containers.

  2. Spin-off of the above: get fuzzing working in browsers for standard applications.

  3. Neuro-symbolic tools. I am extremely interested in developing new capabilities by combining symbolic tools with new developments in AI/LLMs. Examples:
    • A neuro-symbolic triager engine.
    • A neuro-symbolic exploit generation engine.
    • A neuro-symbolic software development engine.
    • A neuro-symbolic patching engine.
    • A neuro-symbolic reversing engine, including an interactive mode.
    • A neuro-symbolic forensics engine.
    • A neuro-symbolic autograder.
    • A neuro-symbolic auto-harnessing engine.
    • Neuro-symbolic decompilation.
    • Beautify any piece of code.
    • Break CAPTCHAs with LLMs.
    • UI fuzzing engine.
    • Pwntools LangChain tool.
    • Combination with https://github.com/binpash/try
    • Improvement over https://github.com/diiq/frontend-fuzzer
    • Improvement over https://github.com/APTRS/APTRS
    • Program equivalence.
    • SMT-LIB solving.
    • Automatic input classification.
    • Automatic SMT-LIB formula rewriting.
    • Container engine (local, remote, or k8s).
    • GitHub PR suggestion tool.
    • Evaluating autocorrection strategies.
    • Building a malleable user interface that evolves based on user preferences.

  4. Automatic generation of OpenAPI 3 specs for RESTful APIs.

  5. Building the best ROP compiler out there.

  6. Build fuzzing-enabled packages (libc, etc).

  7. Gamification of learning.

  8. Automatically repair defects in a project like FreeImage.

  9. Automatically reimplement libraries like FreeImage (better than https://rjp.io/blog/2025-06-17-unreasonable-effectiveness-of-fuzzing).

  10. Binary-only command line fuzzer.

  11. Auto-dockerize applications.

  12. Auto-dockerize IoT applications.

  13. Auto-fuzz rehosted firmware.

  14. Efficient CGI fuzzer.

  15. Automatically mapping the attack surface of a system.

  16. Helm chart for quickly uploading an LLM-powered API on Kubernetes.

  17. Transparent Heap Visualizer.

  18. Automatic exploitability assessment.

  19. Automatically generate a chess-playing engine.

  20. Automatic build instruction validator.

  21. Generic APM.

  22. Document auto-formatter.

  23. Automatic knowledge impact and clustering.

  24. Get a fully static python3 build (no joke!).

  25. Emscripten port of clang/gcc - fully runnable in the browser.

  26. More of a project than a thesis: auto CSS upgrader. Load a remote website and make it look good :)

  27. Improved benchmarking for ML projects performing vulnerability discovery.

  28. Source map retrieval + remote SBOM + host surface.

  29. Time-based CTF + Merkle trees / hash-chains.

  30. Automatic IDOR detection.

  31. Use online source information (e.g., VirusTotal) to infer versions of binaries.

  32. Slide deck reshaper.