Jayakrishna Menon Vadayath

I am a PhD student at School of Computing and Augmented Intelligence lab at Arizona State University.

I currently work at SEFCOM with some really amazing people and my primary advisor is Dr. Yan Shoshitaishvili. I also actively work with Dr. Ruoyu (Fish) Wang, Dr. Tiffany Bao and Dr. Adam Doupé.

My research focuses on automated vulnerability analysis on application software. My areas of interest are static analysis, symbolic execution and fuzzing.

Prior to starting my PhD in Fall 2019, I had interned at the Information Sciences Institute at University of Southern California under the supervision of Dr. Christophe Hauser and at SEFCOM where I currently work as a Research Assistant.

I have also interned at ForAllSecure Inc during the Summer 2022 and Summer 2023 where I worked with Thanassis Avgerinos and many other amazing people.

I started playing CTF’s as a part of Team bi0s in 2014 and I currently play with Shellphish where I have been the co-captain since 2023. I primarily focus on Pwning/Exploitation challenges, but I occasionally try out some Reverse Engineering challenges as well.

I am also a part of the Shellphish founded AIxCC team where we won $2 Million from DARPA as finalists in the AIxCC competition with our Cyber Reasoning System (CRS) ARTIPHISHELL.

latest posts

Sep 14, 2024	M0lecon CTF Teaser 2024 ducts Writeup
May 17, 2023	M0lecon CTF 2023 NoRegVM Writeup
Jan 05, 2023	OCTF 2022 EZVM Writeup

selected publications

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs

Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, and 9 more authors

In 31st USENIX Security Symposium (USENIX Security 22), Aug 2022

Abs PDF Slides

In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. In this paper, we identify a set of vulnerability properties that can aid both static and dynamic vulnerability detection techniques, improving the precision of the former and the scalability of the latter. By carefully integrating static and dynamic techniques, we detect vulnerabilities that exhibit these properties in real-world programs at a large scale. We implemented our technique, making several advancements in the analysis of binary code, and created a prototype called ARBITER. We demonstrate the effectiveness of our approach with a large-scale evaluation on four common vulnerability classes: CWE-131 (Incorrect Calculation of Buffer Size), CWE-252 (Unchecked Return Value), CWE-134 (Uncontrolled Format String), and CWE-337 (Predictable Seed in Pseudo-Random Number Generator). We evaluated our approach on more than 76,516 x86-64 binaries in the Ubuntu repositories and discovered new vulnerabilities, including a flaw inserted into programs during compilation.
Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation

Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, and 11 more authors

In 32nd USENIX Security Symposium (USENIX Security 23), Aug 2023
Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services

Wil Gibbs, Arvind S Raj, Jayakrishna Menon Vadayath, and 12 more authors

In 33rd USENIX Security Symposium (USENIX Security 24), Aug 2024
’Watching over the shoulder of a professional’: Why hackers make mistakes and how they fix them

Irina Ford, Ananta Soneji, Faris Bugra Kokulu, and 8 more authors

In 45th IEEE Symposium on Security and Privacy (S&P 24), May 2024
Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing

Arvind S Raj, Wil Gibbs, Fangzhou Dong, and 12 more authors

In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security(CCS ’24), Oct 2024