Sergej Schumilo

Hi there!
I am a PhD student and former security researcher at Ruhr University Bochum. My current research field is hypervisor-assisted fuzzing, which enables not only fuzzing of code running on any privilege level, but also provides a huge performance boost in specific scenarios. Other than that, I am interested in low-level security, OS internals and optimizing performance-critical code.

I am also one of the main authors of several open-source projects, such as vUSBf, libxdc, kAFL (Intel’s Fork of kAFL), Redqueen, Nyx, Nyx-Net and the recently released Nyx-Framework. So, if you are interested in fast snapshot fuzzing on x86-64 systems, you should definitely check it out. You can find more information on the Nyx-Framework here. Furthermore, I have also contributed to other fuzzing projects such as GRIMOIRE, IJON and Nautilus.

Feel free to contact me via email or reach out to me on Twitter.
You can also find me on Github and Google Scholar.

Publications (Selection):

  • Nyx-Net: Network Fuzzing with Incremental Snapshots
    EuroSys '22: Proceedings of the Seventeenth European Conference on Computer Systems

    Sergej Schumilo, Cornelius Aschermann, Andrea Jemmett, Ali Abbasi, Thorsten Holz
  • Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
    30th USENIX Security Symposium (USENIX Security 21)

    Sergej Schumilo, Ali Abbasi, Simon Wörner, and Thorsten Holz
  • IJON: Exploring Deep State Spaces via Fuzzing
    IEEE Symposium on Security and Privacy (“Oakland”)

    Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz
  • Hyper-Cube: High-Dimensional Hypervisor Fuzzing
    Network and Distributed System Security Symposium (NDSS 2020)

    Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Thorsten Holz
  • GRIMOIRE: Synthesizing Structure while Fuzzing
    28th USENIX Security Symposium (USENIX Security 19)

    Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo, Simon Wörner, Thorsten Holz
  • REDQUEEN: Fuzzing with Input-to-State Correspondence
    Network and Distributed System Security Symposium (NDSS 2019)

    Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz
  • kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
    26th USENIX Security Symposium (USENIX Security 17)

    Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, Thorsten Holz

Other:

  • Design and Implementation of a Hardware Accelerated, General Purpose and Coverage-Guided Operating System Fuzzer
    M.Sc. Thesis - FH Münster (2016)


  • Konzeption und Implementierung einer QEMU- und KVM-basierten USB-Fuzzing Infrastruktur
    B.Sc. Thesis - FH Münster (2014)
