Sergej Schumilo

Hi there!
I am a PhD student and former security researcher at Ruhr University Bochum. My current research field is hypervisor-assisted fuzzing, which enables not only fuzzing of code running on any privilege level, but also provides a huge performance boost in specific scenarios. Other than that, I am interested in low-level security, OS internals and optimizing performance-critical code.

I am also one of the main authors of several open-source projects, such as vUSBf, libxdc, kAFL (Intel’s Fork of kAFL), Redqueen, Nyx, Nyx-Net and the recently released Nyx-Framework. So, if you are interested in fast snapshot fuzzing on x86-64 systems, you should definitely check it out. You can find more information on the Nyx-Framework here. Furthermore, I have also contributed to other fuzzing projects such as GRIMOIRE, IJON and Nautilus.

Feel free to contact me via email or reach out to me on Twitter.
You can also find me on Github and Google Scholar.

Talks (Selection):

• Intel Hardware Security: Nyx
  Intel Hardware Security Award 2022

• Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
  USENIX Security 2021

• Stateful Fuzzing with Snapshots
  FuzzCon Europe 2020

• HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
  NDSS Symposium 2020

• What the Fuzz
  BlackHat Europe 2019

• kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
  USENIX Security 2017

Publications (Selection):

• Nyx-Net: Network Fuzzing with Incremental Snapshots
  EuroSys ‘22: Proceedings of the Seventeenth European Conference on Computer Systems - Cite
  Sergej Schumilo, Cornelius Aschermann, Andrea Jemmett, Ali Abbasi, Thorsten Holz
  Paper Slides Code
• Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
  30th USENIX Security Symposium (USENIX Security 21) - Cite
  Sergej Schumilo, Ali Abbasi, Simon Wör­ner, and Thorsten Holz
  Paper Slides Code
• IJON: Exploring Deep State Spaces via Fuzzing
  IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (“Oak­land”) - Cite
  Cor­ne­li­us Ascher­mann, Ser­gej Schu­mi­lo, Ali Ab­ba­si, Thors­ten Holz
  Paper Slides Code
• Hy­per-Cu­be: High-Di­men­sio­nal Hy­per­vi­sor Fuz­zing
  Net­work and Di­stri­bu­ted Sys­tem Se­cu­ri­ty Sym­po­si­um (NDSS 2020) - Cite
  Ser­gej Schu­mi­lo, Cor­ne­li­us Ascher­mann, Ali Ab­ba­si, Thors­ten Holz
  Paper Slides Code
• GRI­MOIRE: Syn­the­si­zing Struc­tu­re while Fuz­zing
  28th USENIX Security Symposium (USENIX Security 19) - Cite
  Tim Bla­zyt­ko, Cor­ne­li­us Ascher­mann, Mo­ritz Schlö­gel, Ali Ab­ba­si, Ser­gej Schu­mi­lo, Simon Wör­ner, Thors­ten Holz
  Paper Slides Code
• REDQUEEN: Fuzzing with Input-to-State Correspondence
  Net­work and Di­stri­bu­ted Sys­tem Se­cu­ri­ty Sym­po­si­um (NDSS 2019) - Cite
  Cor­ne­li­us Ascher­mann, Ser­gej Schu­mi­lo, Tim Blazytko, Robert Gawlik, Thors­ten Holz
  Paper Slides Code
• kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
  26th USENIX Security Symposium (USENIX Security 17) - Cite
  Ser­gej Schu­mi­lo, Cor­ne­li­us Ascher­mann, Robert Gawlik, Sebastian Schinzel, Thors­ten Holz
  Paper Slides Code

Other:

• Design and Implementation of a Hardware Accelerated, General Purpose and Coverage-Guided Operating System Fuzzer
  M.Sc. Thesis - FH Münster (2016)
  Thesis

• Konzeption und Implementierung einer QEMU- und KVM-basierten USB-Fuzzing Infrastruktur
  B.Sc. Thesis - FH Münster (2014)
  Thesis

Awards:

• Finalist of the 9th German IT Security Award (2022)
  Our novel research on Nyx made it into the top ten projects.

• Intel Hardware Security Award (2022)
  Award for novel research on Nyx, 2nd Place ($50.000)

• Bernard-Rincklake-Preis für die Spitzenleistungen eines Jahrgangs (2018)
  Awarded for the best master’s thesis of the year at the FH Münster University of Applied Science (1.500€).

• Univention Open Source Absolventpreis (2015)
  Awarded for the development and release of the fuzzer vUSBf, 3th Place (500€)