In this talk, I will discuss recent research projects at the intersection of software security and automated reasoning. Specifically, I will present our work on assessing the exploitability of the Android kernel and developing complex exploits for it, as well as our efforts to uncover bugs in Rust's unsafe code through fuzzing.Throughout the talk, I will highlight how Large Language Models (LLMs) can support both attackers and defenders in analyzing complex software systems, and I will present key lessons on using LLMs effectively along with the practical challenges that arise when integrating them into software security workflows. About the speaker: Dr. Antonio Bianchi's research interest lies in the area of Computer Security. His primary focus is in the field of security of mobile devices. Most recently, he started exploring the security issues posed by IoT devices and their interaction with mobile applications. As a core member of the Shellphish and OOO teams, he played and organized many security competitions (CTFs), and won the third place at the DARPA Cyber Grand Challenge.
