Dr. Xiang FuAssociate Professor
Department of Computer Science
Hofstra University, Hempstead, NY 11549
Office: Adams 202
Phone: (516) 463-4787
News and Announcements
Dec 14, 2012
ALOAS Prototype is now available for download. Congratulations to my students: Bruno Melo, Diego da Silva, Matheus Finatti, Stephen Cohen, Vinicio Meira. Fantastic job! .
Aug 15, 2012
Malware Analysis Tutorial 32: Exploration of Botnet Client .
April 12, 2012
Malware Analysis Tutorial 26: Rootkit Configuration .
March 23, 2012
Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver .
March 17, 2012
Malware Analysis Tutorial 21: Hijacking Disk Driver .
March 1, 2012
Malware Analysis Tutorial 19: Anatomy of Infected Driver .
February 25, 2012
Malware Analysis Tutorial 18: Infecting Driver Files (Part II: Simple Infection) .
February 2, 2012
Malware Analysis Tutorial 15: Injecting Thread into a Running Process .
January 31, 2012
Malware Analysis Tutorial 14: Retrieve Self-Decoding Key .
January 24, 2012
Malware Analysis Tutorial 13: Tracing DLL Entry Point .
January 19, 2012
"Simple Linear String Constraints" (DOI: 10.1007/s00165-011-0214-3) to be published by the Journal of Formal Aspects of Computing. This paper contributes in the area of constraint solving and web security. SUSHI solver has been used in discovering SQL injection and XSS vulnerabilities of web applications. A preliminary version is available here. A preview official version is available on the Springer journal site. Paginated jounal version to follow.
January 15, 2012
Dr. Fu serves as the Web Chair of the 10th International Conference on Service Oriented Computing. Submit to ICSOC'12, the forum for sharing your ground breaking discoveries in the area.
January 4, 2012
Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools .
December 29, 2011
Malware Analysis Tutorial 9: Encoded Export Table .
December 25, 2011
Malware Analysis Tutorial 8: PE Header and Export Table .
December 14, 2011
Malware Analysis Tutorial 7: Exploring Kernel Data Structure .
December 6, 2011
Malware Analysis Tutorial 6- Self-Decoding and Self-Extracting Code Segment .
October 21, 2011
Malware Analysis Tutorial 5- Int 2D in Max++ (Part III) .
October 15, 2011
Malware Analysis Tutorial 4- Int 2D Anti-Debugging (Part II) is now released.
September 15, 2011
Check out details of Malware Analysis Tutorial 3- Int 2D Anti-Debugging .
September 10, 2011
ICEScrum Server is located at 184.108.40.206:8080/icescrum. Accessible from Hofstra campus network only!
August 30, 2011
Malware Analysis Tutorial 2- Introduction to Ring3 Debugging is now available!
August 24, 2011
Check out Malware Analysis Tutorial - A Reverse Engineering Approach (Lesson 1: VM Based Analysis Platform)
July 12, 2011
Visit Dr. Fu's Security Blog for articles on malware analysis!
July 11, 2011
Technical report ``Single String Constraint Solver" is available for the technical details of SUSHI 2.0.
July 1, 2011
SUSHI 2.0 now is available for download. The latest version supports the Kaluza string constraint input format and provides various benchmark functions for performance comparison. The SUSHI solver is enhanced with various transformation techniques for broadening its applicability. We provide a VirtualBox image installation for ease the pain of configuration.
October 8, 2010
Dr. Fu will host workshop 17 (Automated Grading) at 2011 CCLI PI Conference in Washington, D.C. on January 26 - 28, 2011.
September 26, 2010
" Evolutionary Security Testing of Web Applications (Fast Abstract) " is accepted for publication at ISSRE'10.
September 21, 2010
" Relational Constraint Driven Test Case Synthesis for Web Applications " is presented at TAV-WEB 2010. PPT slides are available.
August 11, 2010
SUSHI 1.0 now is available for download. We have fixed several bugs that were recently introduced by mistake. Special attention: Unicode 0xFEFF and 0xFEFE are reserved for begin/end labels in FST.
July 4, 2010
"A String Constraint Solver for Detecting Web Application Vulnerability" is presented at SEKE 2010. PPT slides are available.
July 1, 2010
" Making Failure the Mother of Success " is accepted for publication at FIE 2010.
July 1, 2010
" Work inProgress: Intelligent Project Failure Analysis " is accepted for publication at FIE 2010.
June 12, 2010
SUSHI 0.9 and JavaSye 0.9 are both available for download.
June 1, 2010
We decide to abandon the efforts on the .Net framework. SAFELI will be working on the Java Platform only. At this moment, SAFELI = JavaSye (symbolic execution engine for Java) + SUSHI (string constraint solver). In the future, we will integrate the tool with APOGEE (test case replayer).
June 11, 2010
TAV-WEB 2010 deadline is approaching! Submit a paper here. The workshop is co-organized by Gwen Salan Grenoble INP-INRIA-LIG (France), Xiang Fu Hofstra University (US), and Sylvain Halle Universit du Qubec Montral (Canada).
June 10, 2010
APOGEE is accepted to be presented at 2011 CCLI PI Conference in Washington, D.C. on January 26 - 28, 2011.
May 20, 2010
WS-FM 2010 deadline is approaching! Submit a paper here.
May 15, 2010
Solving string constraint to discover vulnerabilities automatically! A paper on SUSHI constraint solver is accepted by SEKE 2010.
April 15, 2010
BAUT a sister system of APOGEE is presented at ITNG'10 by colleagues at SPSU.
June 1, 2009
NSF-CCLI #0836859 is finally approved by Hofstra admin. The project is now on the track.
March 15, 2009
NSF-CCLI #0836859 is funded by NSF, now waiting for Hofstra approval.