Andrea Fioraldi is currently a Ph.D. student in the Software and Systems Security group of EURECOM under the supervision of Prof. Davide Balzarotti. He is working on new methodologies to improve the effectiveness of security vulnerability discovery techniques such as Fuzz Testing in the scope of the DARPA Chess project.
In 2020, Andrea obtained his MSc degree in Engineering in Computer Science from Sapienza, University of Rome. His thesis was developed during his internship at EURECOM with the supervision of Prof. Balzarotti and its title is “Program State Abstraction for Feedback-driven Fuzz Testing using Likely Invariants”. In 2018, Andrea obtained his BSc degree in Computer and Control Engineering from Sapienza, University of Rome. His thesis is entitled “Symbolic Execution and Debugging Synchronization”.
Andrea is an active player in CyberSecurity competitions (Capture the Flag). He won the Italian CyberChallenge in 2017 in the category of Malware Analysis, he was also part of the first Italian team participating at the ENISA’s European CyberSecurity Challenge. With his team mHACKeroni, he also participated several times to top international competitions among the best hacker teams in the world, such as DEFCON CTF and CCC CTF, with great results.
Andrea is known in the security community for his contributions in the field of Fuzz Testing, specifically (but not limited to) as a maintainer of one of the most advanced and used publicly available fuzzers, AFL++.
WEIZZ: Automatic Grey-box Fuzzing for Structured Binary Formatsin Proceedings of the 29th ACM SIGSOFT International Symposiumon Software Testing and Analysis
AFL++: Combining incremental steps of fuzzing researchin 14th USENIX Workshop on Offensive Technologies (WOOT 20)
Fuzzing binaries for memory safety errors with QASanin 2020 IEEE Secure Development Conference (SecDev)
The Use of Likely Invariants as Feedback for Fuzzersin 30th USENIX Security Symposium (USENIX Security 21)
Registered Report: Dissecting American Fuzzy Lop - A FuzzBench Evaluationin the 1st International Fuzzing Workshop (FUZZING 2022)
Fuzzing with Data Dependency InformationEuroSP 2022, Genoa, Italy
LibAFL: A Framework to Build Modular and Reusable FuzzersProceedings of the 29th ACM conference on Computer and communications security (CCS) , Los Angeles, U.S.A.
Dissecting American Fuzzy Lop -- A FuzzBench EvaluationACM Trans. Softw. Eng. Methodol.
Fuzzers like LEGORemote Chaos Experience (CCC), December 2020
LibAFL: The Advanced Fuzzing LibraryFUZZCON EUROPE, October 2021
python -c 'import os; os.system("echo fio%sldi%seurecom.%s" % ("ra", "@", "fr"))'