Root Cause

I am currently a staff security engineer at Square in NYC where I am building mobile security things.

Before joining Square I was Director of Penetration Testing and Red Team at Yahoo in NYC, where I performed penetration testing and vulnerability research in both proprietary and open source software. While at Yahoo I also developed and published the Yahoo security vulnerability disclosure policy and worked closely with industry peers to respond to the Wassenaar Intrusion Software export controls.

I founded Leaf Security Research in 2011, a boutique consulting service backed by custom security research. Our services included source code audits, penetration testing, reverse engineering, and training. We performed security audits for many customers with a real-world focus and the goal of helping them improve the security of increasingly complex software. While running Leaf SR I developed a unique training course titled “Advanced C/C++ Source Code Analysis” which I delivered to private customers and multiple sold-out Black Hat USA classes.

My technical background centers around vulnerability research and exploit development. My experience includes source code audits, reverse engineering and fuzzing on targets ranging from desktop applications, embedded game consoles, and mobile devices to smart meters. My non-technical experience includes people management, principal consultant and mentor, managing customer relationships, launching internal research initiatives, and founder.

Prior to founding Leaf SR I was a Principal Security Consultant at Matasano Security in NYC. While at Matasano I had the opportunity to do hands-on technical security consulting projects for many different types of businesses.

I've been a full-time developer where I wrote code for intrusion detection and prevention software on the OpenBSD operating system. Part of this work required modifying the kernel pf subsystem to do inline packet hooking from user space long before it was officially supported.

I started my career in 2003 supporting the US Army CERDEC in the Information Assurance Division.

I've been invited to give talks on the topic of software security and past research that I've published. I've guest lectured at NYU Poly in Brooklyn, NY and I've been published in IEEE ‘Security and Privacy’ magazine. I also sit on the Black Hat content review board.


Modern Memory Safety in C/C++ - Open Source Training Slides

Published Conference Talks


Offense at Scale - BSides NOLA Keynote 2015, Empire Hacking
Google Native Client - Analysis Of A Secure Browser Plugin Sandbox Black Hat USA 2012
Attacking Client Side JIT Compilers Black Hat USA 2011
Ruby For Pentesters Black Hat USA 2009
Reverse Engineering With Leaf (2008 CarolinaCon)

Public Vulnerability Research



Bro IDS Multiple BinPac Out Of Bounds Read CVE-2014-9586
Suricata DCERPC Out Of Bounds Read/Write (2.0.7)
Firefox 3.6/4.0.1 Array.reduceRight Info Leak / Remote Code Execution (mfsa2011-22)
Firefox 3.6.9 Frameset Parsing Heap Overflow (mfsa2010-50)
Internet Explorer 8 HTML Element Memory Corruption (MS10-035)
Internet Explorer 8 Uninitialized Memory Corruption (MS10-035)
Chrome 8, Safari 5 Webkit CSS Font Face Parsing Type Confusion Info Leak (CVE-2010-4577)
Google Native Client Security Contest 2nd Place
Opera 9.5 FTP URI Parsing Heap Overflow (Opera Bug #901)



Podcasts

Council On Foreign Relations with Micah Zenko
BankInfoSecurity with Mathew Schwartz
Risky.biz with Patrick Gray