Yan Shoshitaishvili

Striving for positive impact in a digital world.

yans@asu.edu

(520) 305-9267

https://yansho.sh 

@Zardus

I have published 59 top-tier Computer Science papers, and 95 publications overall. My research has won six best-paper awards and spans a number of Cybersecurity disciplines, including program analysis, vulnerability assessment, internet-scale threats, and cybersecurity education.

I co-founded the angr binary analysis framework, an open base for researchers in academia, industry, and government. The original paper is one of the top 100-most cited cybersecurity papers in history and was recognized with an ACSAC Artifact Impact Award.

I hosted DEF CON CTF, the world championship of hacking, from 2018 to 2024. My team introduced many competition design innovations and ran some of the highest-rated editions of this CTF. I was awarded a DEFCON Black Badge for this contribution.

I also competed in DEF CON CTF as either captain or core member of team Shellphish, for 12 years. My tenure as captain saw the team expand its global influence and achieve tangible impact in education material, cybersecurity tooling, and community inspiration.

I led Shellphish to win third place in the DARPA Cyber Grand Challenge, creating one of the world's first autonomous Cyber(security) Reasoning Systems, which we open-sourced. We later built on this success in the DARPA/ARPA-H AI Cyber Challenge.

I am the Principal Investigator on over $24 million in research funding from many public and private entities. My support includes the DARPA Young Faculty Award, the DARPA Director's Award, and the Google Academic Research Award.

I founded the pwn.college dojo, a free, state-of-the-art cybersecurity education platform open to anyone. This platform has reached over 50,000 students worldwide, including hundreds of high school students and thousands of lifetime learners.

My teaching efforts have been recognized at ASU through the Fulton Teaching Excellence award as well as nationally with my appointment as the Founding Director of the American Cybersecurity Education Institute.

I have guided the field through numerous keynotes, panels, and committees, the founding of the NDSS Binary Analysis Research Workshop, and an appointment to the United States Cybersecurity and Infrastructure Security (CISA) Technical Advisory Council (TAC).

Education

PhD in Computer Science from the University of California, Santa Barbara.
Advisors: Giovanni Vigna and Christopher Kruegel
Dissertation: Building a Base for Cyber-autonomy

BS in Computer Science from Rensselaer Polytechnic Institute.

Professional Appointments

2023 - Present

Associate Professor
Arizona State University.

2024 - Present

Director
American Cybersecurity Education Institute, Arizona State University

2024 - Present

Provost

DEF CON Academy

2022 - Present

Associate Director of Workforce Development
Center for Cybersecurity and Trusted Foundations, Arizona State University.

2022 -
2023

Acting Director
Center for Cybersecurity and Trusted Foundations, Arizona State University.

2017 -
2023

Assistant Professor
Arizona State University.

Research Funding

$24,934,898 (PI), $8,408,392 (Co-PI share)

Google

2025-2026

Google Academic Research Award: AI-Mediated Collaborative Software Understanding, $100,000, PI.

DoD
2024-2029

STEEDDEMON: Human-assisted Cyber Reasoning Systems, $2,496,403, PI (w/ Adam Doupe, Chitta Baral).

DARPA

2024-2026

The American Cybersecurity Education Institute, $4,498,351, PI (w/ Adam Doupe, Ruoyu Wang, Tiffany Bao).

DARPA
2024-2025

COPE: SENSEI: Scaling Education Nationwide for Security Expertise and Impact, $82,235, PI (w/ Adam Doupe).

DARPA

2024-2027

FIRE: SENPAI — Strategic Exploration, Navigation, and Patching of Abstracted Integrated Systems (w/ Tiffany Bao, Adam Doupe, Ruoyu Wang, Sandeep Gupta, Giulia Pedrielli), $1,617,880 share.

ARPA-H

2023-2026

DIGIHEALS: RxCRS — Reliable and eXplainable Cyber Reasoning System for Digital Health Security, co-PI (w/ Fish Wang, Tiffany Bao, Adam Doupe, Stephanie Forrest, Ni Trieu), $1,799,076 share.

DoD
2023-2026

Science of Security: Leveraging Machine Learning for Binary Software Understanding, $748,949, PI.

NSF

2023-2025

SaTC: CORE: Medium: Symbolizing Viability: Paving the Road to Practical Symbolic Execution, $1,200,000, co-PI (w/ Tiffany Bao), $400,160 share.

DARPA

2022-2025

YFA (Young Faculty Award): Shining Light on Occluded Vulnerabilities, $996,241, PI.

DARPA
2022-2026

HARDEN: EURYALE — Combating Emergent Execution with a GLANCE, $3,769,730, co-PI (w/ Adam Doupe, Tiffany Bao, Fish Wang, Stephanie Forrest, Giulia Pedrielli). $628,782 share.

NSF
2022-2024

CICI: TCR: Improving the Robustness of Cyberinfrastructure via Scalable Vulnerability Discovery and Mitigation on "Big Binaries". $1,200,000, co-PI (w/ Fish Wang). $599,999 share.

DARPA

2020-2024

AMP: VOLT — A Viscous, Orchestrated Lifting and Translation Framework, $6,678,767, co-PI (w/ Fish Wang, Adam Doupe, Tiffany Bao, Stephanie Forrest, Sandeep Gupta, Georgios Fainekos), $1,001,815 share.

DoD

2019-2024

Human-Assisted Cyber Reasoning Systems and Oppositional Human Factors, $6,398,432.00, PI (w/ Adam Doupe, Chitta Baral).

DARPA 2019-2022

CHESS: CHECRS — Cognitive Human Extensions for Cyber Reasoning Systems, $11,730,557, co-PI (w/ Ruoyu Wang, Adam Doupe, Tiffany Bao, Chitta Baral, Stephanie Forrest), $1,707,216 share.

DARPA 2018-2022

HACCS: Puppeteer — Achieving Remote Control Over Complex Systems, $7,474,245, PI (w/ Adam Doupe).

ONR

2017-2022

Binary Trimming for Improved Security, $1,990,042, co-PI (w/ Giovanni Vigna, Christopher Kruegel), $653,464 share.

MITRE

2020-2021

LATCH:  Live  Binary  Analysis  and  Patching,  $150,000,  PI  (w/ Ruoyu Wang).

Top-Tier Conference Publications

Top-tier Total (59)

Cybersecurity: Usenix Security (17), IEEE Security & Privacy (12), ACM CCS (11), NDSS (8)
Computer Science Education: SIGCSE (5)
Mobile Computing: MobiSys (2)
Machine Learning: AAAI (1), ICML (1)
Computer Architecture: ASPLOS (1)

Measurement: IMC (1)

All manuscripts available at: https://yancomm.net/papers 

  1. Ananta Soneji, Souradip Nath, Moritz Schloegel, Yan Shoshitaishvili, Gail-Joon Ahn, Adam Doupe, Carlos Rubio-Medrano. Beyond the Buzzword: How do Professionals Understand and Translate Zero Trust? ACM CCS 2026.
  2. Hongkai Chen, Yuqing Yang, Chao Wang, Arpit Nandi, Moritz Schloegel, Tiffany Bao, Ruoyu Wang, Adam Doupé, Zhiqiang Lin, Yan Shoshitaishvili. SoK: History Doesn't Repeat Itself, but Android Design-Level Vulnerabilities Rhyme in OpenHarmony. Usenix Security 2026.
  3. Hongkai Chen, Chao Wang, Yuqing Yang, Jennifer Miller, Tiffany Bao, Ruoyu Wang, Adam Doupé, Zhiqiang Lin, Yan Shoshitaishvili. Fragile Deliveries: Inconsistencies in Android Parcel and Their Security Consequences. ACM MobiSys 2026.
  4. Yibo Liu, Zion Leonahenahe Basque, Arvind S Raj, Chavin Udomwongsa, Chang Zhu, Jie Hu, Changyu Zhao, Fangzhou Dong, Adam Doupé, Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang. Oxidizer: Toward Concise and High-fidelity Rust Decompilation. IEEE Security and Privacy 2026.
  5. Hui Jun Tay, Souradip Nath, Arvind S Raj, Abhay Bhat, Ishan Bansal, Audrey Dutcher, Moritz Schloegel, Adam Doupé, Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang. Responsible Disclosure is a Two-Way Street: Empirically Measuring the Responsible Disclosure Contract in the Firmware Ecosystem. IEEE Security and Privacy 2026 - Distinguished Paper Award.
  6. Kyle Zeng, Moritz Schloegel, Christopher Salls, Adam Doupé, Ruoyu Wang, Yan Shoshitaishvili, Tiffany Bao. ropbot: Reimaging Code Reuse Attack Synthesis. NDSS 2026.
  7. Fangzhou Dong, Arvind S Raj, Efrén López-Morales, Siyu Liu, Yan Shoshitaishvili, Tiffany Bao, Adam Doupé, Muslum Ozgur Ozmen, Ruoyu Wang. Discovering Blind-Trust Vulnerabilities in PLC Binaries via State Machine Recovery. NDSS 2026.
  8. Zion Leonahenahe Basque, Samuele Doria, Ananta Soneji, Wil Gibbs, Adam Doupe, Yan Shoshitaishvili, Eleonora Losiouk, Ruoyu Wang, Simone Aonzo. Decompiling the Synergy: An Empirical Study of Human–LLM Teaming in Software Reverse Engineering. NDSS 2026 - Distinguished Paper Award.
  9. Yan Shoshitaishvili, Adam Doupe, Connor Nelson. Linux Luminarium: Learning Linux by Leveraging Lightweight Labs and Ludicrous Lessons. SIGCSE 2026 - Best Paper Award.
  10. Connor Nelson, Robert Wasinger, Adam Doupe, Yan Shoshitaishvili. Open Cybersecurity Education: Five Years of pwn.college. SIGCSE 2026.
  11. Jennifer Miller, Manas Ghandat, Kyle Zeng, Hongkai Chen, Abdelouahab Benchikh, Tiffany Bao, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili. Hijacking System Registers for Kernel Exploitation. Usenix Security 2025.
  12. Marzieh Bitaab, Alireza Karimi, Zhuoer Lyu, Ahmadreza Mosallanezhad, Adam Oest, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupe. ScamNet: Toward Explainable Large Language Model-based Fraudulent Shopping Website Detection. AAAI 2025.
  13. Marzieh Bitaab, Alireza Karimi, Zhuoer Lyu, Adam Oest, Dhruv Kuchhal, Muhammad Saad, Gail-Joon Ahn, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé. SCAMMAGNIFIER: Piercing the Veil of Fraudulent Shopping Website Campaigns. NDSS 2025.
  14. Connor Nelson, Adam Doupé, Yan Shoshitaishvili. SENSAI: Large Language Models as Applied Cybersecurity Tutors. SIGCSE 2025.
  15. Faezeh Kalantari, Mehrnoosh Zaeifi, Yeganeh Safaei, Marzieh Bitaab, Adam Oest, Gianluca Stringhini, Yan Shoshitaishvili, Adam Doupé. Browser Polygraph: Efficient Deployment of Coarse-Grained Browser Fingerprints for Web-Scale Detection of Fraud Browsers. IMC 2024.
  16. Easton Kelso, Ananta Soneji, Sazzadur Rahaman, Yan Shoshitaishvili, Rakibul Hasan. Trust, Because You Can't Verify: Privacy and Security Hurdles in Education Technology Acquisition Practices. ACM CCS 2024.
  17. Arvind S Raj, Wil Gibbs, Fangzhou Dong, Jayakrishna Menon Vadayath, Michael Tompkins, Steven Wirsz, Yibo Liu, Zhenghao Hu, Chang Zhu, Gokulkrishna Praveen Menon, Brendan Dolan-Gavitt, Adam Doupé, Ruoyu Wang, Yan Shoshitaishvili, Tiffany Bao. Fuzz the Future: Uncovering Occluded Future Vulnerabilities by Robust Fuzzing. ACM CCS 2024.
  18. Nathaniel Li, et al. The WMDP Benchmark: Measuring and Reducing Malicious Use with Unlearning. ICML 2024.
  19. Chang Zhu, Ziyang Li, Anton Xue, Ati Priya Bajaj, William Gibbs, Hanjun Dai, Mayur Naik, Rajeev Alur, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang, Aravind Machiry. TYGR: Type Inference on Stripped Binaries using Graph Neural Networks. Usenix Security 2024.
  20. Ziyi Guo, Dang K Le, Zhenpeng Lin, Kyle Zeng, Adam Doupé, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Xinyu Xing. Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation. Usenix Security 2024.
  21. Wil Gibbs, Arvind Raj, Jayakrishna Vadayath, Hui Jun Tay, Jennifer Miller, Zion Leonahenahe Basque, Audrey Dutcher, Fangzhou Dong, Xavier Maso, Giovanni Vigna, Christopher Kruegel, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang. Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services. Usenix Security 2024.
  22. Zion Leonahenahe Basque, Ati Bajaj, Wil Gibbs, Jude O'Kain, Derron Miao, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang. Ahoy SAILR! There is No Need to DREAM of C: A Compiler-Specific Structuring Algorithm for Binary Decompilation. Usenix Security 2024.
  23. Irina Ford, Ananta Soneji, Faris Bugra Kokulu, Jayakrishna Vadayath, Gaurav Vipat, Adam Doupé, Ruoyu Wang, Gail-Joon Ahn, Tiffany Bao, Yan Shoshitaishvili. "Watching over the shoulder of a professional": Why hackers make mistakes and how they fix them. IEEE Security and Privacy 2024.
  24. Kuntal Kumar Pal, Ati Priya Bajaj, Pratyay Banerjee, Audrey Dutcher, Mutsumi Nakamura, Zion Leonahenahe Basque, Himanshu Gupta, Saurabh Arjun Sawant, Ujjwala Anantheswaran, Yan Shoshitaishvili, Adam Doupe, Chitta Baral, Ruoyu Wang. "Len or index or count, anything but v1": Predicting Variable Names in Decompilation Output with Transfer Learning. IEEE Security and Privacy 2024.
  25. Connor Nelson, Yan Shoshitaishvili. DOJO: Applied Cybersecurity Education In The Browser. ACM SIGCSE 2024.
  26. Connor Nelson, Yan Shoshitaishvili. PWN The Learning Curve: Education-First CTF Challenges. ACM SIGCSE 2024.
  27. Kyle Zeng, Zhenpeng Lin, Kangjie Lu, Xinyu Xing, Ruoyu Wang, Adam Doupe, Yan Shoshitaishvili, Tiffany Bao. RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections. ACM CCS 2023.
  28. Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, Arvind S Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque, Fangzhou Dong, Adam Doupe, Tiffany Bao, Yan Shoshitaishvili, and Ruoyu Wang. Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation. Usenix Security 2023.
  29. Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuoer Lyu, Wei Wang, Jorij Abraham, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupe. Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale. IEEE Security and Privacy 2023.
  30. Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupe. Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities. IEEE Security and Privacy 2023.
  31. Penghui Zhang, Zhibo Sun, Sukwha Kyung, Hans Behrens, Zion Leonahenahe Basque, Haehyun Cho, Adam Oest, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Gail-Joon Ahn, Adam Doupe. I’m SPARTACUS, No, I’m SPARTACUS: Proactively Protecting Users From Phishing by Intentionally Triggering Cloaking Behavior. ACM CCS 2022.
  32. Soroush Karami, Faezeh Kalantari, Mehrnoosh Zaeifi, Xavier Jeremy Maso, Erik Trickel, Panagiotis Ilia, Yan Shoshitaishvili, Adam Doupe, Jason Polakis. Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting Prevention. Usenix Security 2022.
  33. Kyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doupe,  Yan Shoshitaishvili, Tiffany Bao. Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability. Usenix Security 2022.
  34. Jayakrishna Menon Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, Yan Shoshitaishvili.  Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. Usenix Security 2022.
  35. Ananta Soneji, Faris Bugra Kokulu, Carlos Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupe. “Flawed, but like democracy we don’t have a better system”: The Experts’ Insights on the Peer Review Process of Evaluating Security Papers. IEEE Security and Privacy 2022.
  36. Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn. ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. ACM ASPLOS 2022.
  37. Zhibo Sun, Adam Oest, Penghui Zhang, Carlos Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn. Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service, Usenix Security 2021.
  38. Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. IEEE Security and Privacy 2021 - Best Student Paper Award.
  39. Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases, NDSS 2021.
  40. Efren Lopez-Morales, Carlos E. Rubio-Medrano, Tiffany Bao, Adam Doupe, Yan Shoshitaishvili, Ruoyu Wang, Gail-Joon Ahn. HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems. ACM CCS 2020.
  41. Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists. Usenix Security 2020.
  42. Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn. SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture, ACM MobiSys 2020.
  43. Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel. KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware, IEEE Security and Privacy 2020.
  44. Faris Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupé, Gail-Joon Ahn. Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues, ACM CCS 2019.
  45. Vaibhav Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, Gail-Joon Ahn. AIM-SDN: Attacking Information Mismanagement in SDN-datastores, ACM CCS 2018.
  46. Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. Heaphopper: bringing bounded model checking to heap implementation security, Usenix Security 2018.
  47. Hui Peng, Yan Shoshitaishvili, Mathias Payer. T-Fuzz: fuzzing by program transformation. IEEE Security and Privacy 2018.
  48. Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Automated Cyber Reasoning Systems with Human Assistance. ACM CCS 2017.
  49. Jacob Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers. ACM CCS 2017.
  50. Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. BootStomp: On the Security of Bootloaders in Mobile Devices. Usenix Security 2017.
  51. Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, David Brumley. Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits. IEEE Security and Privacy 2017.
  52. Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna. Ramblr: Making Binaries Great Again. NDSS 2017 - Distinguished Paper Award.
  53. Yan Shoshitaishvili, Ruoyu Wang, Chris Salls, Nick Stephens, Mario Polino, Audrey Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna. SoK: (State of the) Art of War: Offensive Techniques in Binary Analysis. IEEE Security and Privacy 2016.
  54. Nick Stephens, John Grosen, Chris Salls, Audrey Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. Driller: Augmenting Fuzzing Through Symbolic Execution. NDSS 2016.
  55. Alessandro Di Federico, Amat Cama, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. How the ELF Ruined Christmas. Usenix Security 2015.
  56. Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, Giovanni Vigna. Firmalice: Detecting Authentication Bypass Vulnerabilities in Embedded Devices. NDSS 2015.
  57. Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. Steal this Movie - Automatically Bypassing DRM Protection in Streaming Media Services. Usenix Security 2013.
  58. Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, Giovanni Vigna. Revolver: An Automated Approach to the Detection of Evasive Web-based Malware. Usenix Security 2013.
  59. Antonio Bianchi, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds. ACM CCS 2012.

Other Conference Papers

  1. Xiang Mei, Jordi Del Castillo, Pulkit Singh Singaria, Haoran Xi, Abdelouahab, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Hammond Pearce, Brendan Dolan-Gavitt. ARVO: Atlas of Reproducible Vulnerabilities for Open-Source Software. EURO S&P 2026.
  2. Zhibo Sun, Faris Bugra Kokulu, Penghui Zhang, Adam Oest, Gianluca Stringhini, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. From victims to defenders: an exploration of the phishing attack reporting ecosystem. RAID 2024.
  3. Vivin Paliath, Erik Trickel, Tiffany Bao, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili. Sandpuppy: Deep-state fuzzing guided by automatic detection of state-representative variables. DIMVA 2024.
  4. Mehrnoosh Zaeifi, Faezeh Kalantari, Adam Oest, Zhibo Sun, Gail-Joon Ahn, Yan Shoshitaishvili, Tiffany Bao, Ruoyu Wang, Adam Doupé. Nothing Personal: Understanding the Spread and Use of Personally Identifiable Information in the Financial Ecosystem. ACM CODASPY 2024.
  5. Rana Pourmohamad, Steven Wirsz, Adam Oest, Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Adam Doupé, Rida Bazzi. "Deep dive into client-side anti-phishing: A longitudinal study bridging academia and industry. AsiaCCS 2024.
  6. Christophe Hauser, Shirin Nilizadeh, Yan Shoshitaishvili, Ni Trieu, Srivatsan Ravi, Christopher Kruegel, Giovanni Vigna. Street Rep: A Privacy-Preserving Reputation Aggregation System. SecureComm 2023.
  7. Jaejong Baek, Pradeep Kumar Duraisamy Soundrapandian, Sukwha Kyung, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. Targeted privacy attacks by fingerprinting mobile apps in LTE radio layer. DSN 2023.
  8. Faezeh Kalantari, Mehrnoosh Zaeifi, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé. Context-Auditor: Context-sensitive Content Injection Mitigation. RAID 2022.
  9. Mantovani, Alessandro, Luca Compagna, Yan Shoshitaishvili, and Davide Balzarotti. The Convergence of Source Code and Binary Vulnerability Discovery–A Case Study. AsiaCCS 2022.
  10. Pradeep Kumar Duraisamy Soundrapandian, Tiffany Bao, Jaejong Baek, Yan Shoshitaishvili, Adam Doupé, Ruoyu Wang, Gail-Joon Ahn. MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts. HICCS 2021.
  11. Pakki, Jaswant, Yan Shoshitaishvili, Ruoyu Wang, Tiffany Bao, and Adam Doupé. Everything you ever wanted to know about bitcoin mixers (but were afraid to ask). Financial Cryptography, 2021.
  12. Christophe Hauser, Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna, Christopher Kruegel. Sleak: Automating Address Space Layout Derandomization. ACSAC 2020.
  13. Haehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn. Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers. USENIX Woot 2020.
  14. Bitaab, Marzieh, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn. Scam pandemic: How attackers exploit public fear through phishing. eCrime 2020.
  15. Salls, Christopher, Aravind Machiry, Adam Doupé, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. Exploring abstraction functions in fuzzing. Conference on Communications and Network Security (CNS) 2020.
  16. Nilo Redini, Yan Shoshitaishvili, Ruoyu Wang, Aravind Machiry, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel. BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation, DIMVA 2019.
  17. Ronny Chevalier, Stefano Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, Danilo Bruschi, Andrea Lanzi. BootKeeper: Validating Software Integrity Properties on Boot Firmware Images, ACM CODASPY 2019.
  18. Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling, ACSAC 2018.
  19. Vaibhav Hemant Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili and Gail-Joon Ahn. Challenges and Preparedness of SDN-based Firewalls. SDN-NFV 2018.
  20. Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, David Brumley. How Shall We Play a Game? A Game-Theoretical Model for Cyber-warfare Games. IEEE Computer Security Foundations Symposium 2017 - NSA 2018 Cybersecurity Paper Award.
  21. Marius Muench, Fabio Pagani, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, Davide Balzarotti. Taming Transactions: Towards Hardware-Assisted Control Flow Integrity using Transactional Memory. RAID 2016.
  22. Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. Portrait of a Privacy Invasion - Detecting Relationships Through Large-scale Photo Analysis. PETS 2015.
  23. Yinzhi Cao, Yan Shoshitaishvili, Kevin Borgolte, Christopher Kruegel, Giovanni Vigna, Yan Chen. Protecting Web-based Single Sign-on Protocols against Relying Party Impersonation Attacks through a Dedicated Bi-directional Authenticated Secure Channel. RAID 2014.
  24. Yan Shoshitaishvili, Luca Invernizzi, Adam Doupe, Christopher Kruegel, Giovanni Vigna. Do You Feel Lucky? A Large-Scale Analysis of Risk-Reward Trade-Offs in Cyber Security. ACM SAC 2014.
  25. Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupe, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, Yan Shoshitaishvili. Ten Years of iCTF: The Good, The Bad, and The Ugly. Usenix 3GSE 2014.
  26. Giancarlo De Mayo, Alexandros Kapravelos, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. PExy: The other side of Exploit Kits. DIMVA 2014.

Workshop Publications

  1. Zehua Zhang, Ati Priya Bajaj, Divij Handa, Siyu Liu, Arvind S Raj, Hongkai Chen, Hulin Wang, Yibo Liu, Zion Leonahenahe Basque, Souradip Nath, Will Rosenberg, Vishal Juneja, Nikhil Chapre, Yan Shoshitaishvili, Adam Doupe, Chitta Baral, Ruoyu Wang. Build-Bench: Benchmarking LLM Agents on Compiling Real-World Open Source Software. NeurIPS-DL4C 2025.
  2. Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, Gail-Joon Ahn. CacheLight: Defeating the CacheKit Attack, ACM ASHES 2018.
  3. Jayakrishna Menon, Christophe Hauser, Yan Shoshitaishvili, Stephen Schwab. A binary analysis approach to retrofit security in input parsing routines. IEEE LangSec 2018.

Journal, Magazine, and Book/Chapter Publications

  1. Houbing Song, Elisa Bertino, Alvaro Vasquez, Huihui Helen Wang, Yan Shoshitaishvili, Sumit Kumar Jha (Editors). AI for Cybersecurity: Research and Practice, Wiley-IEEE Press 2026.
  2. Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn. CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. IEEE Security and Privacy Magazine 2022.
  3. Tiffany Bao and Yan Shoshitaishvili. Cyber Autonomy in Software Security: Techniques and Tactics (Book Chapter). In Game Theory and Machine Learning for Cyber Security, 2021.
  4. Yan Shoshitaishvili, et al. Cyber Grand Shellphish. Phrack Volume 70, 2021.
  5. Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, Gail-Joon Ahn. Mitigating the CACHEKIT Attack. Frontiers in Hardware Security and Trust: Theory, Design and Practice 2020.
  6. Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna. Mechanical Phish: Resilient Autonomous Hacking. IEEE Security and Privacy Magazine 2018.
  7. Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. Portrait of a Privacy Invasion - Detecting Relationships Through Large-scale Photo Analysis. Proceedings on Privacy Enhancing Technologies 2015.

Awards

  1. We received a Distinguished Paper award for our paper, Responsible Disclosure is a Two-Way Street, at IEEE S&P 2026!
  2. We received a Distinguished Paper award for our paper, Decompiling the Synergy, at NDSS 2026!
  3. We received a Best Paper award for our paper, Linux Luminarium, at SIGCSE 2026!
  4. I earned a Black Badge at DEF CON 33 for my CTF service with Order of the Overflow.
  5. I received a 2025 AI 2000 Most Influential Scholar Award Honorable Mention.
  6. Shellphish qualified for the AIxCC final event, winning a prize of $2,000,000 for getting this far!
  7. Shellphish won the AIxCC Concept White Paper Challenge, with a prize of $1,000,000!
  8. I received a 2024 DARPA Directors Award for my Young Faculty Award research!
  9. Our binary analysis framework, angr, won the ACSAC 2023 Artifact Impact Award.
  10. ASU's Fulton Schools of Engineering awarded me the Teaching Excellence award for the 2022-2023 school years!
  11. ASU's Fulton Schools of Engineering awarded me the Top 5% Teaching Award for the 2021-2022 and 2022-2023 school years!
  12. I received a 2022 DARPA Young Faculty Award!
  13. The IEEE Security and Privacy 2021 program committee awarded CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing the Best Student Paper award.
  14. Our paper, How Shall We Play a Game?, won the 2018 NSA Cybersecurity paper competition.
  15. I received the UC Santa Barbara Computer Science Department's Outstanding Dissertation Award for my graduate studies.
  16. We received a Distinguished Paper award for our paper, Ramblr, at NDSS 2017.
  17. I led my team, Shellphish, to a 3rd place victory (and another $750,000 prize) in the DARPA Cyber Grand Challenge.
  18. I led Shellphish to qualify for the DARPA Cyber Grand Challenge (and win a $750,000 prize). 7 teams qualified out of more than 100 entrants.
  19. Before passing on the mantle, I led Shellphish through a number of CTF victories and other finalist finishes in many competitions around the world over the course of most of a decade.

Organizational Leadership

2024 - Present

Director
American Cybersecurity Education Institute, Arizona State University

2024 - Present

Provost

DEF CON Academy

2025 - Present

Founder

PWN In Motion LLC

2024 -
Present

Founder
pwn.college LLC

2023 -
Present

Founder and Chief Scientist
Shellphish Support Syndicate

2023 -
Present

Founder and Chief Security Officer
Emotion Labs LLC

2022 - Present

Associate Director of Workforce Development
Center for Cybersecurity and Trusted Foundations, Arizona State University.

2017 -
Present

Co-Director
ASU SEFCOM (Security Engineering for Future Computing) Lab

2022 -
2023

Acting Director
Center for Cybersecurity and Trusted Foundations, Arizona State University.

2018 -
2021

Founder and Captain
Order of the Overflow CTF Organizing Team

2011 -
2027

Captain
Shellphish CTF Team

Open Source Contributions

angr.io

I led the design and development of angr, a next-generation binary analysis framework developed at UC Santa Barbara, and oversaw its open source release. I also managed the details of many sub-projects using and supporting angr.

pwn.college

I created pwn.college, a curated, comprehensive cybersecurity education platform, upon which I built my security courses at ASU. Pwn.college is based on the concept of "practice makes perfect" along with a new style of "walkthrough" CTF challenges.

wargame.
nexus

Keeping track of the world's various cybersecurity "wargames" is tricky, and I maintain a useful resource in this space. The Wargame Nexus helps people find wargames to practice their hacking skills.

safelibs.org 

I developed a custom workflow to port critical C libraries to mostly-safe Rust, resulting in drop-in replacements seamlessly installable in real systems.

github.com/

o-o-overflow

I led the Order of the Overflow in organizing DEF CON CTF, the "world championship" of cybersecurity competitions from 2018 through 2021. The challenges and infrastructure we open sourced ended up here.

github.com/

shellphish

With the rest of my hacking team, Shellphish, I released various tools and educational materials relating to security. For example, how2heap, a set of heap exploitation tutorials, is one of our popular projects.

github.com/

mechaphish

My hacking team, Shellphish, open-sourced our CRS, the Mechanical Phish, which won third place at the DARPA Cyber Grand Challenge.

openglad.
org

I co-led the effort to port and improve a game called Gladiator for modern platforms under the name Openglad. This has involved releases on every major OS and Android.

github.com/
zardus

I enjoy solving problems in original ways. When I solve an interesting problem or just create something nice, I open source it. For example, preeny formed an early basis for the security fuzzing of networked programs.

Invited Talks and Presentations

Keynote. Datasets Life in the Agentic Age. Data4SoftSec 2025.

Panelist. Agency, AI, and Cybersecurity. Munich Cybersecurity Conference 2026.

Panelist. The Future of Cybersecurity. CRA CCC Computing Futures Symposium 2025.

Keynote. Cyber Challenges and You: Challenges Encountered and Lessons Learned from CGC and AIxCC. EuroSec 2025.

Panelist. AI, Automated Attack & Defense. Munich Cybersecurity Conference 2025.

Media Interview. Shellphish qualifies for the DARPA AIxCC. FOX 10 News 2024.

Invited Talk. DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community. DEF CON 32 2024.

Invited Talk. A Decade(ish) of Binary Analysis: Lessons Learned. EPFL SuRI Workshop 2024.

Panelist. Digital Twins. National Academy of Sciences Cyber Forum 2024.

Invited Talk. A Decade of Binary Analysis: Lessons Learned. KAIST Colloquium Series 2024.

Panelist. Best Practices for Doing/Reviewing Research Papers in a Program Committee. HotSoS 2024.

Invited Talk. A Decade of Binary Analysis: Lessons Learned. Penn State University 2023.

Panelist. Large Language Models in Security. National Academy of Sciences Cyber Forum 2023.

Keynote. Sailing the Seas of the Science of Security. HotSoS 2023.

Keynote. The Past, Present, and Future of Automation in Vulnerability Assessment. Chosun Cybersecurity Conference 2023.

Panelist. Quo vadis Cyber Security? Are we really building defense systems, or are we all just into attacks for fun and profit?. NSF SaTC PI Meeting 2022.

Keynote. Reconciling the Hacker Spirit with Ethical Cybersecurity Education. NDSS ETHiCS 2023.

Keynote. How Cyber Reasoning Systems Stub Their Toes. EUROSEC 2022.

Keynote. Potential of CTF as Educational Opportunity / Teaching Material for Information Security. SECCON 2020.

Invited Talk. pwn.college: The Cybersecurity Dojo for Binary Analysis. CODE BLUE 2020.

Panelist. Talent Cultivation, the post-pandemic talent cultivation challenges and opportunity. HITCON 2020.

Invited Lecture. Cyber Autonomy: Theory to Practice. QualComm 2020.

Invited Talk. Theory to Practice: Applying Academic Program Analysis Advances in the Real World. Disclosure 2020.

Invited Talk. From Zero to Hero: Bootstrapping Students into Binary Analysis. NDSS 2020.

Keynote. Wax on, wax off: educating the next generation of hackers! HITCON 2019.

Panelist. Panel on Cybersecurity Education. HITCON 2019.

Keynote. The Dangers of the Subconscious Mind (of Cyber Reasoning Systems). Artificial Intelligence and Cybersecurity Workshop 2019.

Invited Talk. Master and Automation in Cybersecurity. Tsinghua Inforsec Workshop 2019.

Invited Seminar. How to Train Your Dragon: The Quest Toward Master and Automation in Cybersecurity. Rensselaer Polytechnic Institute 2019.

Invited Talk. The Rise, Tribulations, and Promises of the HaCRS. NSA Research 2018.

Distinguished Seminar. The Long Road to Cyber Autonomy. CMU 2018.

Keynote. All our Powers Combined: Connecting Academics, Engineers, and Hackers. HITCON 2017.

Panelist. Panel on International Cybersecurity. HITCON 2017.

Invited Talk. The Long Road to Cyber Autonomy. Cyberchess 2017.

Keynote. Reaching for Cyber Autonomy - From the Cradle to the Server Room. Samsung Security Forum 2017.

Panelist. Panel on Shifting the Balance in the Attack-Defend Cycle. HotSoS 2017.

Blue-team member. Workshop on Dangers of AI. ASU Origins 2017.

Panelist. Panel on National Privacy Research Strategy. ACSAC 2016.

Tutorial Instructor. ACSAC Tutorial - angr. ACSAC 2016.

Invited Talk. Through the Cyber Grand Challenge and Beyond. DHS/SRI Infosec Technology Transition Council Meeting 2016.

Invited Seminar. From the Lab to the Cyber Grand Challenge. ASU Center for Cybersecurity and Digital Forensics Seminar Series 2016.

Invited Talk. Cyber Grand Shellphish. DEFCON 2016.

Invited Talk. Letting angr drive your actions. 0CON 2016.

Invited Talk. Towards the DARPA Cyber Grand Challenge: A Dozen Years of Shellphish. SECCON 2015.

Keynote. Binary Analysis in the Wild West. ACSAC PPREW 2015.

Invited Talk. A Dozen Years of Shellphish - From Defcon to the DARPA Cyber Grand Challenge. HITCON CMT 2015.

Invited Talk. Angry Hacking - The Next Generation of Binary Analysis. DEFCON 2015.

Invited Talk. Dark Side of the ELF - Leveraging Dynamic Loading to pwn noobs. DEFCON 2015.

Invited Talk. Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware. Blackhat 2015.

Tool Presentation. CTF Tools - Taking the Headache out of Security Tool Installation. Blackhat Arsenal 2015.

Tool Presentation. Preeny - LD_PRELOAD for Security Analysis. Blackhat Arsenal 2015.

Service

DEF CON Academy organizer. 2025.

U.S. CISA Technical Advisory Council. 2022-2024.

DEF CON CTF organizer. 2018-2021.

Conference Program Committees: NDSS (2023), Usenix Security (2022, 2025), IEEE Security and Privacy (2020–2022, 2025), ACM CCS (2020), ACM AsiaCCS (2020), DIMVA (2018, 2021), RAID (2018, 2021).

Workshop Program Committees: ACM Workshop on Software Understanding for Reverse Engineering (2025), NDSS Workshop on Binary Analysis Research (2018–2022), ACM CCS Workshop on Forming an Ecosystem Around Software Transformation (2018,2019), ACM Workshop on Automotive Cybersecurity (2018), ISSTA TECPS (2017), IEEE Workshop on Adaptive Cyber Defence (2025).

Steering Committee. NDSS Workshop on Binary Analysis Research 2017-present, CCS Secure and Trustworthy Superapps (SaTS) Workshop (2026)..

Workshop Program Committee Chair. NDSS Workshop on Binary Analysis Research (2018), ACM CCS Workshop on Forming an Ecosystem Around Software Transformation (2018).

ASU SCAI Committees. CS Graduate Program Committee (2019-2022, 2024-present), Faculty Search Committee --- Cybersecurity (2017, 2019-2021, 2024-present), Faculty Search Committee --- Biodesign (2017, 2018), New Faculty Onboarding Committee (2022).

ASU SCAI Committee Chairships. New Faculty Onboarding Committee (2022), CS Graduate Program Committee (2019, 2021), Faculty Search Committee --- Cybersecurity (2019-2021), New Faculty Onboarding Committee (2022).

NSF SaTC Panel Reviewer. 2018-2020.

Track Lead. SCORE C3E 2017.

Program Committee, Session Chair. Usenix Enigma 2017.

Media Appearances & Outreach

Co-Host of the pwn.talk podcast, 2025-present.

Co-Host of the CTF RadiOOO podcast, 2020-present.

Mention in the State Press article "How ASU's SEFCOM is changing the world of cybersecurity", 2025.

Appearance in Fox News 10 TV interview, 2024.

Quote in the Washington Post article "Hackers race to win millions in contest to thwart cyberattacks with AI", 2024.

Quote in The State Press article "Staying protected online, a guide to cybersecurity", 2024.

Interview with Untold Content podcast in episode "Breaking Boundaries with Cybersecurity", 2020.

Multiple Quotes, Interviews in ASU news, 2017-present.

Quote in the New York Times article "Stepping Up Security for an Internet-of-Things World", 2016.

Ongoing Mentorship

PhD Student (committee chair). William Robinson, Aditya Gabani, Pratham Gupta, Giorgi Kobakhia, Giorgi Arsenadze, Davit Benashvili, Pulkit Singaria, Xiang Mei, Hongkai Chen, Jennifer Miller, Alireza Karimi, Michael Tompkins, Robert Wasinger, Arvind Raj, Zach Smith,.

PhD Student (committee co-chair). Huijun Tay, Audrey Dutcher, Yibo Liu.

PhD Student (committee member). Sukwha Kyung, Ananta Soneji, Yihui Zeng, Wil Gibbs, Ati Priya Bajaj, Steven Wirsz.

Masters Thesis Advisor. Richard Gibbons.

Undergraduate Mentor. Mitch Zakocs, Vishal Juneja.

Completed Mentorship

PhD Dissertation Committee Chair. Connor Nelson (2024), Jay Vadayath (2026).

PhD Dissertation Committee Co-Chair. Vivin Paliath (2023), Erik Trickel (2023), Marzieh Bitaab (2025), Zion Basque (2026).

PhD Dissertation Committee Member. Kyle Zheng (2025), Faezeh Kalantari (2024), Penghui Zhang (2022), Haehyun Cho (2021), Adam Oest (2020), Chris Salls (2020).

MS Thesis Committee Chair. Pratham Gupta (2025), Gaurav Vipat (2023), Swapnil Kumbhar (2023), Derek Ratliff, Sean Smits, Bailey Capuano.

MS Thesis Committee Co-Chair. Sam Zhu (2024), Gokul Praveen, Jaswant Pakki, Ashwin Sudhir, William Gibbs, Connor Nelson, Vaibhav Dixit.

MS Thesis Committee Member. Zachary Crosley.

Undergraduate Advisor. Kevin Stevens.

Undergraduate Co-Advisor. Jaswant Pakki, William Gibbs.

Apprenticeship Mentor. Arcadia Cipolla (2024), Cuong Nguyen (2024), Tuan Anh Nguyen (2024), Manas Ghandat (2024), Gyanedra Banjare (2024), Abdelwaheb-Mefteh El Kheir Benchikh (2024), Sina Mahdavi (2024), Sanjay Vardhan (2024), Cygnus Qiu (2024), Changyu Zhao (2023, 2024), Hongkai Chen (2022), Pulkit Singaria (2022), Suraj Malhotra (2022), Akshay Ajayan (2021), John Andrews (2020), Salah Baddou (2020), Xingman Chen (2020), Osi Ikharebha (2020), Xavier Maso (2020), Rana Pourmohamad (2020), Pradeep Soundrapandian (2020), Chien-Yuan Wang (2019), Ange Andries (2019), Gokul Menon (2019), Jay Menon (2019), Sung Ta (2019), Zhenpeng Lin (2019), Nipun Gupta (2019), Fangzhou Dong (2019), Aaron Branch (2019), Bader AlBassam (2019), Ryo Ichikawa (2018), Jack Phillips (2018).

High School Research Internship Mentor, 2025. 25 students mentored.

High School Research Internship Mentor, 2024. 24 students mentored.

High School Research Internship Mentor, 2023. 9 students mentored.

High School Research Internship Mentor, 2022. 5 students mentored.

Teaching

University Courses

F2024, S2025, F2025: CSE 365: Introduction to Cybersecurity.

F2022: CSE 194: History and Culture and Cybersecurity (newly developed).

F2022: CSE 598: Emerging Techniques in Cybersecurity (newly developed).

F2020, S2021, F2021, F2022: CSE 591/691: Current Topics in Cybersecurity (newly developed).

F2018, F2019, F2020, F2021, F2022: CSE 466: Computer Systems Security (newly developed)

S2021, F2025: CSE 598: Applied Vulnerability Research (newly developed).

S2021: CSE 598: Accelerated Applied Security (newly developed).

F2020. ASU 101: The ASU Experience.

S2017: CSE 591: Automated Binary Code Analysis (newly developed).

Trainings

2023: Customizable Static Vulnerability Discovery Using angr's Lesser Known Capabilities, BlackHat.

2022: Customizable Binary Analysis: Using angr to its full potential, DEF CON.

2017: angr - The Next Generation of Binary Analysis, SecDev.

2016: angr training, ACSAC.

Endeavors

  1. I am a leader of the Order of the Overflow, the organizers of the DEF CON CTF, the world championship of cybersecurity competitions, from 2018 through 2021.
  2. I was one of the faculty advisors of team Shellphish in the AI Cyber Challenge, where we made it to the final event, earning $3,000,000 throughout the competition!
  3. I was the captain for Shellphish's participation in the DARPA Cyber Grand Challenge. We finished in 3rd place, of 7 finalists (out of over 100 teams). We were the top-placing "unfunded" team, the top-placing academic team, and the only team to open-source our Cyber Reasoning System.
  4. I have competed on the team Shellphish at the DEFCON CTF from 2009 through 2017, leading it from 2011 through 2017. In 2015, our team ranked 4th worldwide.
  5. I have been a leading or core member of the organization team behind the 2011 through 2016 UCSB iCTF Computer Security competitions.
  6. I once won a Jigglypuff-only Super Smash Bros Brawl Tournament against the top SSBB players in Arizona.
  7. I danced Ballroom Dance competitively through college, and continue to dance West Coast Swing.
  8. I hold a black belt in Taekwondo from two studios.
  9. I enjoy gardening, with a focus toward growing peppers and various berries.