Reboot

It’s been quite a while since I’ve posted anything here other than the occasional conference report, and there are many more of those in draft form from the past two years that I didn’t even get around to finishing up and actually posting…  This is due to a variety of reasons, some of which include a complete change in career focus a couple years ago involving going into business for [...]

February 6th, 2012 | business, employment, Personal

Sleep Hacking

While working for TippingPoint’s DVLabs, I was fortunate enough to not be held to any kind of regular work schedule. Working in an almost pure research role, without the requirement of regularly interfacing with customers or even the rest of the DVLabs group, I had the opportunity to explore something that I’ve never really had the opportunity to before, at least not for extended periods of time; my body’s natural [...]

June 23rd, 2008 | employment, hack

MS08-033 AVI/MJPG Vulnerability

Since last Tuesday (Microsoft Patch Tuesday), I've taken a break from coding Application Protocol Simulators (the hot-button item at BreakingPoint right now) and worked on the Security side of the product. I've spent almost exactly one week working on a Strike-set for the ms08-033 AVI/MJPG vulnerability. The Strike-set includes 8 Strikes, all of which generate dynamic, randomized, malicious AVI files to attack and trigger the vulnerability. If you're into vulnerability exploitation [...]

June 17th, 2008 | employment, exploit, security

ms07-061

My second Microsoft Patch Tuesday at the new employer was fairly uneventful. This Tuesday there was only one patch rated critical, MS07-061, and as it turns out it was the bug that I had already worked on last week. Essentially all I had to do was update my strikes from last week with the new reference and rename them, and our team was essentially done. You can read the details [...]

November 13th, 2007 | employment, exploit, security, security research

New Employer: BreakingPoint Systems

Today I stepped into a new role as a Security Researcher for BreakingPoint Systems. I will be working with the team that handles the security component of the flagship product, the BPS-1000, which is a load and security testing appliance used to test network devices such as switches, firewalls, and the types of products my previous employer produces, Intrusion Prevention (or Detection) Systems. For the most part I'll be developing [...]

October 1st, 2007 | employment, security, security research

TippingPoint DVLabs Website

Apparently, my employer launched the new TippingPoint DVLabs website when I wasn't looking. Click through and check it out, it's pretty slick. Not only do they have bios of all the team members, but each member page pulls data from all the other areas of the site like upcoming and published advisories, appearances, blog posts, etc. in an aggregated list specific to that team member. And of course, the site [...]

Anatomy of an 0-day

Cody Pierce, a colleague of mine at TippingPoint's DVLabs, was recently profiled in an article by Dennis Fisher over at SearchSecurity.com. The article basically describes how Pierce went about discovering and disclosing an 0-day vulnerability in the Internet Help Control ActiveX component last April, which resulted in a patch from Microsoft last August. To do this, he built a custom fuzzer to test large numbers of ActiveX controls and separate [...]

April 19th, 2007 | employment, security research

New Employer: TippingPoint

Today I've begun working for a new employer, TippingPoint, a division of 3Com. Essentially TippingPoint is a recent acquisition of 3Com's and has become 3Com's Security Research group. While working for TippingPoint, I'll be doing a number of different things, primarily working with the TippingPoint Security Research (TSR) team who do product vulnerability assessment and verify Zero Day Initiative submissions. I'll also be helping the Digital Vaccine team design IPS [...]

March 6th, 2006 | employment, security, security research, voip

New Employer: Sipera Systems

Last week, shortly after returning from the BlackHat / DefCon conferences in Vegas, I resigned my current position with Citadel Security Software to take a Vulnerability Research position with a start-up in the Internet Telephony industry called Sipera Systems. At Sipera I'll be doing much more actual research than I was doing for Citadel, as I was in a multi-use group at Citadel whose other responsibilities fairly regularly trumped doing [...]

August 10th, 2005 | employment, voip