Hi! I am a binary security researcher who explores the more formal aspects of program analysis. In my PhD research, I worked on novel methods for code deobfuscation, fuzzing and bug triaging. Nowadays, I co-founded a emproof, where we build code obfuscation schemes and binary hardening solutions tailored to embedded devices. Moreover, I give trainings on reverse engineering & code deobfuscation, analyze malware and perform security audits. From time to time, I publish new articles on my reverse engineering blog. You can also subscribe to its RSS feed.
You can contact me at tim@blazytko.to. Please use my PGP key for confidential requests. Feel also free to follow me on Twitter, Bluesky, Mastodon, GitHub, YouTube and LinkedIn.
| Training: | Software Deobfuscation Techniques | |
| Dates: | June 23-26, 2025 | |
| Location: | REcon Montreal, Canada | |
| Price: | 5500$ CAD before May 1, 6000$ CAD after | |
| Register: | REcon 2025 |
| Training: | Software Deobfuscation Techniques | |
| Dates: | October 6-9, 2025 | |
| Location: | Hexacon Paris, France | |
| Price: | 4800€ | |
| Register: | Hexacon 2025 |
The Future of Reverse Engineering with Large Language Models
REcon 2024, Montreal
slides
code
recording
Unveiling Malicious Behavior in Unknown Binaries
Swiss Cyber Storm 2023, Berne
slides
recording
Unveiling Secrets in Binaries using Code Detection Strategies
REcon 2023, Montreal
slides
recording
code
Evolution Of Learning: What Cyber Security Training Looks Like In 2023 (Panel Discussion)
HITBSecConf2023, Amsterdam
recording
The Next Generation of Virtualization-based Obfuscators (Updated Version)
HITBSecConf2023, Amsterdam
slides
recording
The Next Generation of Virtualization-based Obfuscators
REcon 2022, Montreal
slides
recording
Workshop: Analysis of Virtualization-based Obfuscation
r2con2021, Remote
slides
recording
code
Workshop: Semi-automatic Code Deobfuscation
HITBSecConf2021 Amsterdam, Remote
slides
code
Workshop: Semi-automatic Code Deobfuscation
r2con2020, Remote
slides
recording
code
Aurora: Statistical Crash Analysis for Automated Root Cause Explanation
USENIX Security Symposium 2020 (USENIX
slides
recording
paper
code
Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis
Black Hat Asia 2018, Singapore
slides
recording
Breaking State-of-the-Art Binary Code Obfuscation
REcon 2018, Brussels
slides
Let's break modern binary code obfuscation
34th Chaos Communication Congress (
slides
recording
Syntia: Synthesizing the Semantics of Obfuscated Code
USENIX Security Symposium 2017 (USENIX
slides
recording
paper
code
Introduction to Program Synthesis
secUnity Winter School on Binary Analysis 2017, Bochum
slides
Constraint Solving for Reverse Engineers
secUnity Winter School on Binary Analysis 2017, Bochum
slides
Jit-Picking: Differential Fuzzing of JavaScript Engines
ACM Conference on Computer and Communications Security 2022 (CCS 2022)
Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, Thorsten Holz.
paper
code
Exorcist: Automated Differential Analysis to Detect Compromises in Closed-Source Software Supply Chains
ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses 2022 (SCORED'22)
Frederick Barr-Smith, Tim Blazytko, Richard Baker, Ivan Martinovic.
paper
Loki: Hardening Code Obfuscation Against Automated Attacks
USENIX Security Symposium 2022 (USENIX
Moritz Schloegel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz, Ali Abbasi.
paper
slides
recording
Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
European Symposium on Research in Computer Security (
Moritz Schloegel, Tim Blazytko, Julius Basler, Fabian Hemmer, Thorsten Holz.
paper
code
Reasoning about Software Security via Synthesized Behavioral Substitutes
Doctoral Thesis (2020)
Tim Blazytko.
pdf
Aurora: Statistical Crash Analysis for Automated Root Cause Explanation
USENIX Security Symposium 2019 (USENIX
Tim Blazytko, Moritz Schloegel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Woerner, Thorsten Holz.
paper
slides
recording
code
Grimoire: Synthesizing Structure while Fuzzing
USENIX Security Symposium 2019 (USENIX
Tim Blazytko, Cornelius Aschermann, Moritz Schloegel, Ali Abbasi, Sergej Schumilo, Simon Woerner, Thorsten Holz.
paper
slides
recording
code
Redqueen: Fuzzing with Input-to-State Correspondence
Network and Distributed System Security Symposium (
Cornelis Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz.
paper
slides
recording
code
Towards Automated Generation of Exploitation Primitives for Web Browsers
Annual Computer Security Applications Conference (
Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz.
paper
Syntia: Synthesizing the Semantics of Obfuscated Code
USENIX Security Symposium 2017 (USENIX
Tim Blazytko, Moritz Contag, Cornelius Aschermann, Thorsten Holz.
paper
slides
recording
code
Towards Automated Discovery of Crash-Resistant Primitives in Binaries
IEEE/IFIP International Conference on Dependable Systems and Networks 2017 (
Benjamin Kollenda, Enes Goktas, Tim Blazytko, Philipp Koppe, Robert Gawlik, R.K. Konoth, Cristiano Giuffrida, Herbert Bos, Thorsten Holz.
paper
Static Data Flow Analysis and Constraint Solving to Craft Inputs for Binary Programs
M.Sc. Thesis (2015)
Tim Blazytko.
pdf