Weird machines may unintentionally help cyber attackers with their exploits, but researchers selected for our HARDEN program will seek to get to the root of the problem by depriving them of the chance in the first place. Learn more: darpa.mil/news-events/20…

blog.narfindustries.com/blog/narf-darp… Excited to share that we (Narf Industries LLC) will be working on the DARPA HARDEN program with Special Circumstances and Margin Research! I'm stoked to be working on such a stellar team on a challenging problem!

ChatGPT exploits a buffer overflow 😳

The United States and Canada at the same latitudes as Europe

Congrats @SrrReal and Bidisha! This is a great achievement. Also, what a brilliant title!

Narf's own Dr. Michael Locasto (Michael E. Locasto) is talking about secure host monitoring of ICS devices at 12:30pm tomorrow at #S4x23. Drop by and say hi!

Tenured. A very big thank you all past and present members of The Anantharaman Lab, collaborators and mentors over the years, and wonderful colleagues at UW-Madison Department of Bacteriology. Now looking ahead to the next phase as an upgraded Ass prof.

\x6d\x75\x73\x69\x63

The program for the 9th LangSec IEEE Security & Privacy Workshop on May 25, 2023 is now posted: langsec.org/spw23/workshop… Join us for two great keynotes, research paper presentations, industry research reports, and work-in-progress discussions.

We are sharing some early results from our HTTP Differential Fuzzing work. A DoS bug and two request smuggling vulnerabilities in the Cesanta Mongoose HTTP server.

A short, results-oriented post by Prashant Anantharaman and github.com/kenballus on their larger research aim of applying language-theoretic security principles to systematically analyze parsing differentials in Web servers and similar code.

Excited to work on the ARPA-H DIGIHEALS program! We will be studying parsers in digital health record software. blog.narfindustries.com/blog/narf-arpa…

Narf will be at ShmooCon 2024 this week! Our own Prashant and our 2023 intern Ben Kallus will be showcasing our discovery of 80+ HTTP bugs and exploit chains in popular web servers and CDNs. #shmoocon2024 #http

Publish 4 open access papers

The tool is called 'HTTP Garden' by Ben Kallus and Prashant Anantharaman, and aims to make testing out technique concepts quick and easy. They've already used it to discover a ton of novel techniques - check out the docs and presentation! github.com/narfindustries…

The HTTP Garden : Breaking HTTP Servers , Proxies & Load Balancers using HTTP Garden : github.com/narfindustries… prashant.at/files/shmoocon… (.ppt*) Mp4 : Shmoocon2024 : invidious.slipfox.xyz/watch?v=aKPAX0… credits Prashant Anantharaman

The LangSec IEEE Security & Privacy call for papers will remain open until February 25, thanks to IEEE's generous extension of their camera-ready deadline. Please submit your work & join us on May 23, 2024! langsec.org/spw24/

Happy New Year! If you are still looking for New year resolutions, consider submitting a paper, a research report, or a Parser Bug-of-the-Year nomination to 11th LangSec IEEE Security & Privacy '25 workshop! langsec.org/spw25/ The current deadline for papers is January 20.

So Google now refuses all my searches with "Turn on JavaScript to keep searching". I'm not sure why, but here's the thing: if I really need to turn on JS for a simple query, I'll go to a different search engine or maybe perplexity .ai. What a way to break the habit of 20+ years.