0x66726f6dbah//R&D Dept. in SolarPV

I study how complex systems fail. Kernel internals, binary exploitation, protocol analysis, and the occasional compiler bug. Located somewhere between the kernel and userspace.

affil: MIT CSAIL
prog: PhD candidate, 2021–
prev: Google Project Zero
available for consulting
01 Publications
2024
Phantom Mappings: Exploiting Memory Aliasing in the Linux Page Cache ★ Best Paper
USENIX Security '24
kernel · memory safety · LPE
2024
SyscallGraph: Static Taint Tracking Across Privilege Boundaries
IEEE S&P '24
static analysis · taint tracking · LLVM
2023
KCFI Bypass via Speculative Type Confusion in JIT-compiled Code
CCS '23
spectre · CFI · JIT
2022
Dead Code Resurrection: Weaponizing Compiler Optimizations for Code Reuse
NDSS '22
ROP · compiler · exploit dev
02 Environment
bash — holloway@void: ~
$ uname -a
Linux void 6.8.0-custom #1 SMP x86_64 GNU/Linux
$ cat .interests
kernel exploitation · binary analysis · fuzzing · type safety · compilers
side-channel attacks · formal verification · reversing · hardware security
$ ls -la tools/
drwxr-xr-x  gdb-pwndbg/
drwxr-xr-x  ida-pro/
drwxr-xr-x  angr-scripts/
drwxr-xr-x  syzkaller-configs/
-rwxr-xr-x  kernel-build.sh
$ echo $EDITOR
vim # obviously
03 Projects
01
C / Python
syzpatch
Kernel syscall fuzzer with semantic-aware mutation for structured input types. 3× faster bug discovery on fs drivers.
→ github
02
Rust
qemu-introspect
QEMU plugin for live kernel memory introspection. Tracks object lifetimes and flags dangling references.
→ github
03
Python / LLVM
cfgraft
Control-flow graph diffing for stripped binaries. Identifies structural changes across patch versions.
→ github
04
C++
specprobe
Micro-benchmarking suite for speculative execution side-channels. Covers Spectre v1/v2, MDS, and TAA variants.
→ github
04 Notes & Writing
05 Contact