# Michał Zalewski

> Polish hacker

**Wikidata**: [Q615582](https://www.wikidata.org/wiki/Q615582)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/Michał_Zalewski)  
**Source**: https://4ort.xyz/entity/micha-zalewski

## Summary  
Michał Zalewski is a Polish computer scientist and security researcher best known for his influential work in software vulnerability discovery and security tools development. He currently works at Google and has made significant contributions to cybersecurity through open-source projects and technical publications.

## Biography  
- Born: January 19, 1981  
- Nationality: Poland  
- Education: Not specified  
- Known for: Security research, fuzzing techniques, and vulnerability discovery  
- Employer(s): Google  
- Field(s): Computer science, cybersecurity, software engineering  

## Contributions  
Michał Zalewski has developed several widely used tools and methodologies in the field of software security. Among his most recognized contributions is **American Fuzzy Lop (AFL)**, a genetic algorithm-based fuzzing tool released in 2013, which revolutionized automated bug finding in binary programs. AFL has been instrumental in identifying thousands of critical vulnerabilities across various systems and remains a standard in both industry and academia.

He also authored the acclaimed book *Silence on the Wire* (2005), which explores network protocol analysis and covert communication channels. His earlier work includes the creation of **Peach**, a framework for fuzz testing and fault injection, and numerous whitepapers detailing novel exploitation techniques.

Zalewski's research into memory corruption, browser security, and input handling has shaped modern defensive strategies in software development. Much of his output is publicly available through his personal website and GitHub repositories, continuing to influence ethical hackers and developers worldwide.

## FAQs  
### Q: Who is Michał Zalewski?  
A: Michał Zalewski is a Polish computer scientist and security researcher known for creating tools like American Fuzzy Lop (AFL) and advancing the practice of fuzzing in software security. He currently works at Google.

### Q: What is American Fuzzy Lop (AFL)?  
A: American Fuzzy Lop (AFL) is an open-source fuzzer developed by Michał Zalewski in 2013. It uses genetic algorithms to efficiently discover bugs in software binaries and has become a cornerstone tool in vulnerability research.

### Q: What books has Michał Zalewski written?  
A: Michał Zalewski authored *Silence on the Wire* (2005), a book focused on low-level network communications and covert channel analysis, regarded as essential reading in information security circles.

## Why They Matter  
Michał Zalewski’s innovations have fundamentally altered how software vulnerabilities are discovered and mitigated. His development of AFL introduced scalable, intelligent fuzzing to mainstream use, enabling engineers and researchers to detect flaws more effectively than ever before. The widespread adoption of AFL in tech companies, government agencies, and open-source projects underscores its practical impact.

His theoretical and applied work continues to shape defensive coding practices, compiler design, and exploit mitigation strategies. Without his contributions, many vulnerabilities might remain undetected longer, increasing systemic risk in digital infrastructure.

## Notable For  
- Creator of **American Fuzzy Lop (AFL)**, a groundbreaking fuzzing tool adopted globally  
- Author of *Silence on the Wire*, a seminal text in network security  
- Longtime security engineer at **Google**, contributing to core platform integrity  
- Developer of Peach, an early framework for fault injection and fuzz testing  
- Influential figure in public discourse around software robustness and exploit development  

## Body  

### Early Life and Identity  
Michał Zalewski was born on January 19, 1981, in Poland. He identifies as male and holds Polish citizenship. His professional name is sometimes rendered as “Michal” due to transliteration differences. He maintains a strong online presence under the handle `lcamtuf`, including Twitter and Mastodon accounts.

### Career and Affiliation  
Zalewski is employed at **Google**, where he contributes to software security efforts. Prior to joining Google, he established himself as a leading independent security researcher with global recognition. His affiliation with major tech platforms reflects his expertise in large-scale system hardening.

### Tools and Projects  
#### American Fuzzy Lop (AFL)
Released in 2013, AFL became one of the most impactful open-source fuzzers. By combining instrumentation feedback with evolutionary algorithms, it dramatically improved bug-finding efficiency over prior methods. Key features include:
- Coverage-guided mutation-based fuzzing
- Easy integration with existing build environments
- Support for persistent mode and shared-memory test cases

AFL has been forked into multiple variants (e.g., AFL++), extended for custom applications, and integrated into continuous integration pipelines across industries.

#### Peach Framework
Before AFL, Zalewski contributed to Peach—a cross-platform fuzzing and fault-injection framework designed for complex protocols and file formats. Though later maintained by other teams, Peach laid foundational ideas reused in subsequent tools.

#### Other Open Source Work
Much of his code and documentation can be found on his personal site (`http://lcamtuf.coredump.cx`) and GitHub profile. These resources often accompany talks and blog posts that analyze subtle aspects of program behavior and attack surface reduction.

### Publications  
#### *Silence on the Wire* (2005)
This book examines hidden patterns in network traffic and proposes unconventional approaches to passive reconnaissance and covert signaling. It remains influential among penetration testers and reverse engineers.

#### Technical Papers and Blogs
Zalewski regularly publishes detailed write-ups analyzing obscure behaviors in operating systems, browsers, and compilers. Topics range from memory layout predictability to side-channel timing attacks. Many such writings are hosted on his personal website.

### Recognition and Influence  
While no formal awards are listed, Zalewski's influence extends broadly through citations in academic literature, adoption of his tools by major vendors, and frequent speaking engagements at top-tier conferences like Black Hat and DEF CON. His work is referenced in university curricula and corporate training materials alike.

### Online Presence  
He maintains active profiles on:
- **Twitter**: @lcamtuf (since June 2009)
- **Mastodon**: @lcamtuf@infosec.exchange (since November 2022)

As of late 2022, he had over 32,000 followers on Twitter and growing engagement on decentralized platforms. His posts often highlight new findings in software reliability and offensive research trends.
