Root Cause


My technical background involves software engineering, vulnerability research, and exploit development that spans targets ranging from desktop applications such as web browsers to embedded game consoles and mobile devices. My professional experience includes roles as principal consultant, mentor, and founder, along with people management, managing customer relationships, and launching internal research initiatives. All technical topics fascinate me, from machine learning to cryptography. I have a strong interest in the intersection of cyber security policy, technology, and US national security.

Professional Experience
I am currently a security engineer at a big tech company. I'm also a non-resident research fellow at the Georgetown Center For Security and Emerging Technologies (CSET). Prior to my current role I was the Staff Security Engineer at Square Inc., where I worked on mobile and embedded security for millions of businesses. Before joining Square I was the Director of Penetration Testing and Red Team at Yahoo, where I ran a team responsible for executing red team exercises and vulnerability research in both proprietary and open source software. While at Yahoo I also developed and published the Yahoo security vulnerability disclosure policy and worked closely with industry peers to respond to the Wassenaar Intrusion Software export controls. Part of this response included personally briefing the US Commerce Department and Representatives Will Hurd and John Ratcliffe on the dangers of these regulations for tech companies and the United States.

I founded Leaf Security Research in 2011, a boutique consulting service backed by custom security research. Our services included source code audits, penetration testing, reverse engineering, and training. We performed security audits for many customers with a real-world focus and the goal of helping them improve the security of increasingly complex software. While running Leaf SR I developed a unique training course titled “Advanced C/C++ Source Code Analysis”, which I delivered to private customers and multiple sold-out Black Hat USA classes. Leaf SR was acquired by Yahoo in 2014.

Prior to founding Leaf SR I was a Principal Security Consultant at Matasano Security in NYC. While at Matasano I had the opportunity to perform many challenging hands-on technical security consulting projects for many different types of customers.

I started my career in 2003 supporting the US Army CERDEC in the Information Assurance Division.

I've been invited to give talks on the topic of software security and my personal research. I've given guest lectures at the National Security Agency, the US Army, NYU Tandon School of Engineering, and Columbia University. I've been published in IEEE ‘Security and Privacy’ magazine. I've sat on the Black Hat content review board since 2012.

Research and Training Slides
Modern Memory Safety in C/C++ - Open Source Training Slides
Effective Memory Safety Mitigations - Qualcomm Mobile Security Summit May 2018
Offense at Scale - BSides NOLA Keynote 2015, Empire Hacking
Google Native Client - Analysis Of A Secure Browser Plugin Sandbox Black Hat USA 2012
Attacking Client Side JIT Compilers Black Hat USA 2011
Ruby For Pentesters Black Hat USA 2009
Reverse Engineering With Leaf (2008 CarolinaCon)
Various old research/slides

Old Public Vulnerability Research
Bro IDS Multiple BinPac Out Of Bounds Read CVE-2014-9586
Suricata DCERPC Out Of Bounds Read/Write (2.0.7)
Firefox 3.6/4.0.1 Array.reduceRight Info Leak / Remote Code Execution (mfsa2011-22)
Firefox 3.6.9 Frameset Parsing Heap Overflow (mfsa2010-50)

Internet Explorer 8 HTML Element Memory Corruption (MS10-035)
Internet Explorer 8 Uninitialized Memory Corruption (MS10-035)

Chrome 8, Safari 5 Webkit CSS Font Face Parsing Type Confusion Info Leak (CVE-2010-4577)
Google Native Client Security Contest 2nd Place
Opera 9.5 FTP URI Parsing Heap Overflow (Opera Bug #901)

Council On Foreign Relations with Micah Zenko
BankInfoSecurity with Mathew Schwartz
Risky Business with Patrick Gray