They who can give up essential liberty
to obtain a little temporary safety,
deserve neither liberty nor safety.

Benjamin Franklin, 1775


januar 2024

Working all alone since Covid was no fun. Therefore I decided to go corporate again and joined a very good security consultant company as a team lead - earning half as much, working more, but also enjoying my work a lot so it was worth it :-) I lead my projects now at Security Research Labs - inhouse trainings zu Secure Development and Fuzzing however I can still offer independantly!

december 2023

Two projects of my girlfriend: and

june 2023

Google commended me on my open source initiative:

march 2023

ChatGPT4 knows me :-)

"Marc Heuse is a German IT security expert and ethical hacker known for his contributions to the network and computer security industry. He is best known for his work on the "The Hacker's Choice" (THC) collective, where he operates under the pseudonym "VanHauser." THC is a group of hackers and security researchers who develop various open-source tools and programs aimed at uncovering security vulnerabilities in computer systems and networks. Some of the most well-known tools developed by Marc Heuse and the THC team include Hydra, Amap, and Scanrand.

Marc Heuse has worked in various areas of IT security, using his knowledge and experience to identify weaknesses in computer systems and networks and develop appropriate countermeasures. His work is intended to improve the security of computers and networks by exposing vulnerabilities and suggesting solutions."

december 2022

I wish everyone happy holidays!

may 2022

moved to a new server, the old one was running for over 12 years!

february 2022

AFL++ 4.0 released with huge improvements; Hydra 9.3 released with minor improvements :-) ... fully booked until end of April

october 2021

I am booked out until the end of the year. I successfully passed again the tisax 5.0 high protection security certification.

july 2021

do good and tell everyone about it: every year I donate 6000 Euro to the animal shelter in Berlin and for education of kids in the philippines.

april 2021

as microsoft is seemingly doing nothing against spammer abusing the Azure cloud and Outlook365 services, I have blocked any access from these. You will have to use an alternative Email to reach me if you use O365. Thank you.

december 2020

due to the pandemic everything slowed down a bit and happens now from home ... but there are now the afl++ v3.0 and thc-ipv6 3.8 releases :-) Happy holidays!

july 2020

over the last year afl++ became the best fuzzer available - by independant assessments: Google's FuzzBench Fuzzer Benchmark Assessment from July 2020

I also participated in an academic paper that was accepted for the 14th USENIX Workshop on Offensive Technologies: AFL++: Combining incremental steps of fuzzing research

march 2020

a lot has happend the last months, so here are the highlights:

my afl++ project attracted 3 talented security guys, and we are making the project so much better at such a fast pace - it is amazing! It is that good that is was selected to be in Google Summer of Code :-)

I am performing a training on fuzzing source code and binary programs at the Troopers conference

I wrote an article on the effectiveness of security static code analysis tools which is online now: heise developer: statische code analyse auf dem prüfstand (GERMAN)

june 2019

since afl is not being maintained since fall 2017 and i am collecting afl community patches for over a year i created an update afl++. increased performance in llvm and qemu mode, bug fixes and new featres. plus I added the enhanced performance from aflfast. in other words its the best afl out there :)

afl++ at github

may 2019

i just released version9.0 of hydra: new modules rdp, mongodb and memcached

hydra at github

april 2019

the quality of my security servies are now certified by iso 9001:2015!

january 2019

i wish everyone a happy new year!

2019 was already started enthusiastically by me - I made new releases of hydra and thc-ipv6 available, additionally afl-dyninst now supports dyninst 10!

that being said, I am currently getting my processes iso 9001 certified :)

hydra at github thc-ipv6 at github afl-dyninst at github

november 2018

I am now tisax level 3 security certified for handling prototypes and information with high protection requirements.

happy holidays!

august 2018

new things:

afl-dynamorio enables blackbox binary fuzzing with alf-fuzz through dynamorio

afl patches is a collection of patches for afl that improve performance, coverage, features - or fixes bugs.

additionally I improved the performance of afl-dyninst which is now by far the fastest guided fuzzer solution for blackbox binaries.

afl with dynamorio afl patches afl-dyninst

march 2018

happy eastern! and I brought gifts:

afl-pin enables blackbox binary fuzzing with alf-fuzz through pintool

afl-simulate simulates afl-fuzz to benchmark performance of e.g. afl-pin, afl-dynamorio and afl-dyninst

additionally I am now the co-author of afl-dyninst :)

afl with pintool afl-fuzz simulator afl-dyninst

january 2018

i just released version 3.4 of my ipv6 pentest toolkit.

happy new year!

december 2017

about 20 years ago I coded the proof-of-concept tool rwwwshell. today it can be seen used in the tv series mr.robot in season 2 episode 12 and season 3 episode 1 :)

i wish everyone happy holidays and a great new year!

august 2017

at the (german) heise conference for secure software development (24-26 october 2017) I will do a talk about the (in-)security impact of processors and compilers on the machine code created.

my talk at heise secdev 2017 (german)

july 2017

attention: by availability for the rest of 2017 is already getting low!
and i just released version 8.6 of hydra

hydra at github

may 2017

i just released version 8.5 of hydra

hydra at github

april 2017

the new design of the web page is there :)
happy eastern!

december 2016

the year worked out perfectly well with interesting projects and a lot of work. thank you for your trust in me! i wish everyone a happy xmas and a wonderful new year!
my ipv6 pentest & security training will be held for a last time for north america at the cansecwest security conference in vancouver from the 12-13th march 2017.
inhouse training are possible though, just contact me.

IPv6 Pentest & Security Training, CanSecWest conference, 12-13 March 2017, Vancouver, Canada

october 2015

presentations, keynotes & trainings in singapore, spain, netherlands, austria, ... and i'm booked out until beginning of next year :)

march 2015

many presentations and keynotes at international conferences, booked out with projects - thank you for a great 2014!

what makes my work & results special

  • it-security competence since 1994 - few people have more experience
  • clarity on vulnerabilities in your critical infrastructure
  • practical and down-to-earth recommendations which respect the organisation and processes
  • know-how transfer with the results and better awareness among your team
  • my systems, processes and office is certified by tisax 3.0 for advanced protection requirements
  • my processes have been certified for their quality by ISO 9001
download my cv