My name is Ali Ranjbar. I am a fourth-year Ph.D. candidate in the Systems and Network Security (SyNSec) Research Group at Penn State University. I’m working as a graduate research assistant with Dr. Syed Rafiul Hussain.
My research interests include vulnerability discovery, fuzz testing, program analysis, and operating systems, with a particular emphasis on embedded systems security.
News
[June ‘25] Acknowledged in Google’s Android security acknowledgements for disclosing CVE-2025-26785; awarded a bounty for the report.
[May ‘25] “Uncovering ‘NASty’ 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing” has been accepted to Black Hat USA 2025.
[May ‘25] Acknowledged in Samsung’s Product Security Update Bulletins for disclosing CVE-2025-26784, CVE-2025-26785, and CVE-2025-27891; awarded a bounty for the reports.
[May ‘25] Presented “Stateful Analysis and Fuzzing of Commercial Baseband Firmware” at the IEEE S&P 2025.
[March ‘25] Acknowledged in Samsung’s Product Security Update Bulletins for disclosing CVE-2024-52923 and CVE-2024-52924; awarded a bounty for the reports.
[March ‘25] “Stateful Analysis and Fuzzing of Commercial Baseband Firmware” has been accepted to the 46th IEEE Symposium on Security and Privacy.
[January ‘25] “CoreCrisis: Threat-Guided and Context-Aware Iterative Learning and Fuzzing of 5G Core Networks” has been accepted to the 34th USENIX Security Symposium.
[December ‘24] Successfully passed my Ph.D. Comprehensive Exam.
[May ‘24] “ORANalyst: Systematic Testing Framework for Open RAN Implementations” has been accepted to the 33rd USENIX Security Symposium.
[March ‘24] Acknowledged in Google’s Android security acknowledgements for disclosing CVE-2024-0045.
[October ‘23] “Hermes: Unlocking Security Analysis of Cellular Network Protocols by Synthesizing Finite State Machines from Natural Language Specifications” has been accepted to the 33rd USENIX Security Symposium.
[July ‘22] Awarded a complimentary Academic Pass to Black Hat USA Briefings.