Karolina GORNA (Security Researcher, Ledger)
Karolina Gorna is a PhD candidate at Télécom Paris, conducting her research with the Ledger Donjon on vulnerability detection and formal methods. She holds an ANSSI ESSI certification and previously led KRYPTOSPHERE, a tech student association of over 500 members across France. When she is not chasing silent integer overflows, she organizes and competes in hackathons including NASA Space Apps Challenge and ETH Global. She has also delivered technical training for AFORP and MIT Professional Education, and enjoys bridging academic research with hands-on security practice.
Session
Go powers critical infrastructure, but analyzing compiled Go binaries for security issues remains difficult in practice.
In this talk, we present Zorya, an open-source concolic analysis framework designed to detect vulnerabilities directly at the binary level, including bugs that do not immediately crash the program.
We will show how Zorya combines runtime state recovery, symbolic reasoning, and constraint solving with the Z3 SMT solver to analyze real-world Go targets. Attendees will learn where traditional approaches fall short, how Zorya helps uncover exploit-relevant paths, and how this can improve real security audit workflows.