BIO

Andrea Fioraldi is currently a Ph.D. student in the Software and Systems Security group of EURECOM under the supervision of Prof. Davide Balzarotti. He is working on new methodologies to improve the effectiveness of security vulnerability discovery techniques such as Fuzz Testing in the scope of the DARPA Chess project.

In 2020, Andrea obtained his MSc degree in Engineering in Computer Science from Sapienza, University of Rome. His thesis was developed during his internship at EURECOM with the supervision of Prof. Balzarotti and its title is "Program State Abstraction for Feedback-driven Fuzz Testing using Likely Invariants".
In 2018, Andrea obtained his BSc degree in Computer and Control Engineering from Sapienza, University of Rome. His thesis is entitled "Symbolic Execution and Debugging Synchronization".

Andrea is an active player in CyberSecurity competitions (Capture the Flag). He won the Italian CyberChallenge in 2017 in the category of Malware Analysis, he was also part of the first Italian team participating at the ENISA's European CyberSecurity Challenge. With his team mHACKeroni, he also participated several times to top international competitions among the best hacker teams in the world, such as DEFCON CTF and CCC CTF, with great results.

Andrea is known in the security community for his contributions in the field of Fuzz Testing, specifically (but not limited to) as a maintainer of one of the most advanced and used publicly available fuzzers, AFL++.

PUBLICATIONS

WEIZZ: Automatic Grey-box Fuzzing for Structured Binary Formats
Fioraldi Andrea and D'Elia Daniele Cono and Coppa Emilio
in Proceedings of the 29th ACM SIGSOFT International Symposiumon Software Testing and Analysis
AFL++: Combining incremental steps of fuzzing research
Andrea Fioraldi, Dominik Maier, Heiko Eissfeldt, Marc Heuse
in 14th USENIX Workshop on Offensive Technologies (WOOT 20)
Fuzzing binaries for memory safety errors with QASan
Andrea Fioraldi, Daniele Cono D'Elia, Leonardo Querzoni
in 2020 IEEE Secure Development Conference (SecDev)
The Use of Likely Invariants as Feedback for Fuzzers
Andrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti
in 30th USENIX Security Symposium (USENIX Security 21)

TALKS

Fuzzers like LEGO
Fioraldi Andrea and Dominik Maier
Remote Chaos Experience (CCC), December 2020

SERVICES

  • PC member at WOOT (2021)

  • CONTACT

  • Mail: python -c 'import os; os.system("echo fio%sldi%seurecom.%s" % ("ra", "@", "fr"))'
  • Twitter: @andreafioraldi
  • GitHub: @andreafioraldi
  • Google Scholar: profile

  • EURECOM
    Campus SophiaTech,
    450 Route des Chappes, 06410 Biot FRANCE
    Office: 370