Gabriel Sherman

Ph.D. Student, University of Utah | Computer Security

Research Interest

My research focuses on fuzz testing, with a strong passion for proactively securing widely used software. I am particularly interested in extending fuzz testing to previously unexplored areas. My current work centers on automating harness generation for open-source libraries. Some of the bugs I have found can be found here.

Publications

  1. No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses
    • Gabriel Sherman and Stefan Nagy
    • International Conference on Software Engineering (ICSE ‘25)

Invited Talks & Articles

Title Event Date
Checksec Anywhere: Checksec Without Boundaries Trail of Bits Intern Showcase 07/2025
Introduction to Fuzzing University of Utah Cybersecurity Club 03/2025
Automated Bug Finding Kahlert School of Computing 09/2024
Automatic Harness Generation for C-based Libraries Empite Hacking NYC 08/2024
Automated Harness Generation Mountain West Undergraduate Research Showcase 11/2023

  • Harnessing 101: A Beginner's Guide to Fuzzing Harnesses

     By Gabriel Sherman

    Posted on September 17, 2025

    As a newcomer to the computer security world working on my first paper, No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses, I inevitably spent countless hours studying, building, and running fuzzing harnesses. This guide aims to answer the questions and issues I struggled with early on,... [Read More]
    Tags: