My name is Ali Ranjbar. I am a fourth-year Ph.D. candidate in the Systems and Network Security (SyNSec) Research Group at Penn State University. Iâm working as a graduate research assistant with Dr. Syed Rafiul Hussain.
My research interests include vulnerability discovery, fuzz testing, program analysis, and operating systems, with a particular emphasis on embedded systems security.
News
[July â25] âOpen RAN, Open Risk: Uncovering Threats and Exposing Vulnerabilities in Next-Gen Cellular RANâ has been accepted to Black Hat USA 2025.
[June â25] Acknowledged in Googleâs Android security acknowledgements for disclosing CVE-2025-26785; awarded a bounty for the report.
[May â25] âUncovering âNAStyâ 5G Baseband Vulnerabilities through Dependency-Aware Fuzzingâ has been accepted to Black Hat USA 2025.
[May â25] Acknowledged in Samsungâs Product Security Update Bulletins for disclosing CVE-2025-26784, CVE-2025-26785, and CVE-2025-27891; awarded a bounty for the reports.
[May â25] Presented âStateful Analysis and Fuzzing of Commercial Baseband Firmwareâ at the IEEE S&P 2025.
[March â25] Acknowledged in Samsungâs Product Security Update Bulletins for disclosing CVE-2024-52923 and CVE-2024-52924; awarded a bounty for the reports.
[March â25] âStateful Analysis and Fuzzing of Commercial Baseband Firmwareâ has been accepted to the 46th IEEE Symposium on Security and Privacy.
[January â25] âCoreCrisis: Threat-Guided and Context-Aware Iterative Learning and Fuzzing of 5G Core Networksâ has been accepted to the 34th USENIX Security Symposium.
[December â24] Successfully passed my Ph.D. Comprehensive Exam.
[May â24] âORANalyst: Systematic Testing Framework for Open RAN Implementationsâ has been accepted to the 33rd USENIX Security Symposium.
[March â24] Acknowledged in Googleâs Android security acknowledgements for disclosing CVE-2024-0045.
[October â23] âHermes: Unlocking Security Analysis of Cellular Network Protocols by Synthesizing Finite State Machines from Natural Language Specificationsâ has been accepted to the 33rd USENIX Security Symposium.
[July â22] Awarded a complimentary Academic Pass to Black Hat USA Briefings.