Willy R. Vasquez


CV || Twitter || Mastodon || GitHub || LinkedIn

I am a Ph.D. student at The University of Texas at Austin advised by Prof. Hovav Shacham and in the SPARK Research Lab. My research currently focuses on the security of hardware video decoders and building out zero-knowledge proof technologies. My interests lie in privacy, systems security, cryptosystems, and formal methods.

I am a Strauss Center Brumley Next Generation Fellow since Fall 2019 mentored by Prof. Bobby Chesney working on applications of zero-knowledge proofs to national security.

I was an M.Eng. student at the MIT Media Lab's Digital Currency Initiative advised by Neha Narula. My thesis was on the privacy and auditability of distributed ledgers, and part of it was later published at NSDI. You can read my thesis here.

I also did my undergrad at MIT where I lived in Spanish House and had research opportunities on combining attribute-based encryption with proof-of-work under Prof. Shafi Goldwasser, and on improving SMT solver performance with program synthesis under Prof. Armando Solar-Lezama.

I have worked full time at Raytheon BBN Technologies, and interned at Trail of Bits (Winter '23), Cirrus Logic (Fall '21), Samsung Austin R&D Center (SARC) (Summer '19), Microsoft Research (Summer '18), Symantec (Summers '13 and '14), Secunetics (IAP '14), and Lockheed Martin (Summer '12).


Willy R. Vasquez, Stephen Checkoway, and Hovav Shacham. The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders. In Usenix Security. Anaheim, California, 2023. [pdf]
Associated CVEs: CVE-2022-48434, CVE-2022-42850, CVE-2022-42846, CVE-2022-32939, and CVE-2022-3266.

Neha Narula, Willy Vasquez, and Madars Virza. Privacy-preserving Auditing on Distributed Ledgers. In NSDI. Renton, Washington, 2018. [pdf]

Recent Adventures

My team Inject;Pwn;Repeat was a semi-finalist in the 2023 Austin Cyber 9/12 Competition. We won best Decision Document!

CVE-2022-42850 and CVE-2022-42846 were addressed in iOS and iPadOS 15.7.2 and iOS and iPadOS 16.2.

CVE-2022-32939 was addressed in iOS and iPadOS 15.7.1 and iOS 16.1 and iPadOS 16.

My team Global SXSW was a finalist in the 2022 MIT Policy Hackathon. Check out our presentation here!

I got my first CVE: CVE-2022-3266. Be sure to update your Firefox!

My team {alg:none} was a finalist in the 2021 MIT Policy Hackathon. Check out our presentation here!

My 2020-2021 Atlantic Council Cyber 9/12 Competition adventures have been detailed by UT Strauss Center and The Manuscript Podcast.

I wrote a review of Spice for the MIT DCI Cryptocurrency Research Review.

I have participated in the Atlantic Council Cyber 9/12 Competition as Longhorn APT, Longhorn Command, and Deep State Machine 5 (DSM5)!

I attended Real World Crypto '19. Write up of my experience.

I attended NSDI '18.

I attended Real World Crypto '18.

I attended the DeepSpec Summer School '17 where I participated in the Coq Intensive and learned about formally verified systems

I attended PLMW@POPL '17 in Paris!

I attended Real World Crypto '17. It was awesome! Write up of my experience.

I participated in the 2014 Battelle CyberAuto Challenge



FyreBox - Encrypted File System

Bulletproofs Implementation in Go


I was Vice President of the MAES Boston Professional Chapter.

Steganography Challenge for High Schoolers

Consejera: A platform for parents to help their children succeed


MIT ECCSF Winter 2015: Latinos in Entrepreneurship Conference


I am co-founder of GraduatE ECE (GREECE) @ UT whose mission is to interact with ECE graduate students across labs and tracks and foster a sense of community within the UT Graduate ECE department. We host social events, industry events, and provide a voice to the administration on behalf of students' needs.

I am an MIT Arts Scholar interested in visualizing privacy leakages in everyday interactions, and exploring ways to visualize binary executions to get insights, similar to ..cantor.dust.. or DARPA's Cyber Grand Challenge.

More to come...