├── .gitignore ├── README.md ├── academia ├── ICSE23 - Demystifying Exploitable Bugs in Smart Contracts.pdf ├── OOPSLA19 - Practical Dependence Analysis for Binary Executables by Unbiased Whole-Program Path Sampling and Per-Path Abstract Interpretation.pdf ├── PLDI24 - Consolidating Smart Contracts with Behavioral Contracts.pdf ├── README.md ├── SECURITY23 - Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis.pdf ├── SECURITY23 - Your Exploit is Mine- Instantly Synthesizing Counterattack Smart Contract.pdf ├── SP21 - Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary.pdf ├── SP21 - Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting.pdf └── SP24 - On Large Language Models’ Resilience to Coercive Interrogation.pdf └── slides ├── BlackHatUS21 - How I use a JSON Deserialization 0day to Steal Your Money On the Blockchain.pdf ├── MOSEC23 - Killing the Ethereum VM of Ethereum Killers.pdf ├── POC22 - Rainbow Bridge To The Aurora.pdf └── ZER0CON24 - Revealing One Key Security Insight for Hardware Wallets.pdf /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .*.swp 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Offside Labs Research Papers 2 | 3 | Hey there! 👋 Welcome to our collection of research papers. Dive in to see what we've been working on! 4 | 5 | ## What's Inside 6 | 7 | - **[slides](./slides)**: All our presentation slides for various research papers. 8 | - **[academia](./academia)**: All our research papers published in top-tier academic conferences. 9 | 10 | 11 | ## Contact Us 12 | 13 | Questions? Reach out: 14 | 15 | - **Twitter**: [@Offside Labs](https://twitter.com/offside_labs) 16 | 17 | --- 18 | 19 | Thanks for stopping by! 🚀 20 | -------------------------------------------------------------------------------- /academia/ICSE23 - Demystifying Exploitable Bugs in Smart Contracts.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/ICSE23 - Demystifying Exploitable Bugs in Smart Contracts.pdf -------------------------------------------------------------------------------- /academia/OOPSLA19 - Practical Dependence Analysis for Binary Executables by Unbiased Whole-Program Path Sampling and Per-Path Abstract Interpretation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/OOPSLA19 - Practical Dependence Analysis for Binary Executables by Unbiased Whole-Program Path Sampling and Per-Path Abstract Interpretation.pdf -------------------------------------------------------------------------------- /academia/PLDI24 - Consolidating Smart Contracts with Behavioral Contracts.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/PLDI24 - Consolidating Smart Contracts with Behavioral Contracts.pdf -------------------------------------------------------------------------------- /academia/README.md: -------------------------------------------------------------------------------- 1 | # Academic Publications 2 | 3 | Offside Labs actively conducts security research across various domains. Below is a list of our research papers published in top-tier academic conferences. 4 | 5 | Please refer to the provided PDF files if the public version of the paper is not available. 6 | 7 | 8 | ## Web3 Security 9 | 10 | + [Demystifying Exploitable Bugs in Smart Contracts](https://ieeexplore.ieee.org/document/10172700) (ICSE'23) 11 | + [Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract](https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-zhuo-exploit) (Security'23) 12 | + [Consolidating Smart Contracts with Behavioral Contracts]() (PLDI'24) 13 | 14 | 15 | ## Web2 Security 16 | 17 | + [BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-Program Path Sampling and Per-Path Abstract Interpretation](https://dl.acm.org/doi/10.1145/3360563) (OOPSLA'19) 18 | + [OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary](https://ieeexplore.ieee.org/document/9519451) (S&P'21) 19 | + [StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting](https://ieeexplore.ieee.org/document/9519407) (S&P'21) 20 | + [Pelican: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis](https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-zhuo-pelican) (Security'23) 21 | 22 | ## AI Security 23 | 24 | + [On Large Language Models’ Resilience to Coercive Interrogation](https://www.computer.org/csdl/proceedings-article/sp/2024/313000a252/1WPcZ9B0jCg) (S&P'24) 25 | -------------------------------------------------------------------------------- /academia/SECURITY23 - Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/SECURITY23 - Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis.pdf -------------------------------------------------------------------------------- /academia/SECURITY23 - Your Exploit is Mine- Instantly Synthesizing Counterattack Smart Contract.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/SECURITY23 - Your Exploit is Mine- Instantly Synthesizing Counterattack Smart Contract.pdf -------------------------------------------------------------------------------- /academia/SP21 - Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/SP21 - Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary.pdf -------------------------------------------------------------------------------- /academia/SP21 - Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/SP21 - Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting.pdf -------------------------------------------------------------------------------- /academia/SP24 - On Large Language Models’ Resilience to Coercive Interrogation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/academia/SP24 - On Large Language Models’ Resilience to Coercive Interrogation.pdf -------------------------------------------------------------------------------- /slides/BlackHatUS21 - How I use a JSON Deserialization 0day to Steal Your Money On the Blockchain.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/slides/BlackHatUS21 - How I use a JSON Deserialization 0day to Steal Your Money On the Blockchain.pdf -------------------------------------------------------------------------------- /slides/MOSEC23 - Killing the Ethereum VM of Ethereum Killers.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/slides/MOSEC23 - Killing the Ethereum VM of Ethereum Killers.pdf -------------------------------------------------------------------------------- /slides/POC22 - Rainbow Bridge To The Aurora.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/slides/POC22 - Rainbow Bridge To The Aurora.pdf -------------------------------------------------------------------------------- /slides/ZER0CON24 - Revealing One Key Security Insight for Hardware Wallets.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OffsideLabs/research/25c43f0b76e7b0e169403a9a95b03498e4ef7dc1/slides/ZER0CON24 - Revealing One Key Security Insight for Hardware Wallets.pdf --------------------------------------------------------------------------------