Welcome

Welcome to my website. Feel free to look around:

Blog - musings on computing, security, politics, and my personal life
Research - my research interests, publications, and presentations
Advisories - various advisories, vulnerabilities, and exploits
Projects - software projects I've worked on over the years
About - brief biography and contact information

Upcoming Events

UofM SUMIT 2011 - October 18th - Ann Arbor, MI
NYU Poly CSAW CTF - November 10th-11th - Brooklyn, NY
SOURCE Barcelona training - November 14th-15th - Barcelona, Spain
Infiltrate 2012 - January 12th-13th - Miami, FL

Blog Entries

2011.11.27 - CSAW CTF 2011 Kernel Exploitation Challenge
2011.09.08 - Tool releases: ksymhunter and kstructhunter
2011.07.06 - Stackjackin' 2: Electric Boogaloo
2011.05.28 - When Angry Birds Attack: Android Edition
2011.04.20 - Stackjacking Your Way to grsec/PaX Bypass
2011.03.07 - How I Almost Won Pwn2Own via XSS
2010.11.29 - Exploiting Stack Overflows in the Linux Kernel
2010.11.02 - CSAW CTF 2010 Kernel Exploitation Challenge
2010.10.23 - Linux Kernel pktcdvd Memory Disclosure
2010.09.10 - Linux Kernel CAN SLUB Overflow
2010.08.10 - Dexcode Teardown of the Android SMS Trojan
2010.06.28 - A Peek Inside the GTalkService Connection
2010.06.25 - Remote Kill and Install on Google Android
2010.06.21 - SummerCon 2010 Slides
2010.04.25 - SOURCE Boston Slides
2010.04.10 - ReiserFS .reiserfs_priv Vulnerability
2010.03.15 - Mirrors of MoKB and MoAB
2009.10.04 - Linux Kernel x86-64 Register Leak
2009.09.28 - Disabling Green Dam with Dam Burst
2009.09.11 - Hostage Taking Botnets
2009.08.29 - Linux Kernel getname() Stack Memory Disclosures
2009.08.10 - PolyPack at USENIX WOOT '09
2009.07.12 - Hijacking Tinychat Screencasts
2009.06.30 - Analysis of a Trojaned ssh/sshd
2009.04.20 - udev Local Privilege Escalation
2009.04.15 - Panera Gift Card Security
2009.03.25 - dpkt Tutorial #4: AS Paths from MRT/BGP
2009.03.07 - ARBSEC 01 Wrap-Up
2009.02.19 - ARBSEC Officially Launched
2008.12.20 - dpkt Tutorial #3: DNS Spoofing
2008.11.20 - VirusTotal Python Submission Script
2008.10.15 - dpkt Tutorial #2: Parsing a PCAP File
2008.09.04 - Bash Brace Expansion Cleverness
2008.08.25 - dpkt Tutorial #1: ICMP Echo
2008.08.10 - Hardening DNS with IP TTLs
2008.08.02 - HotSec 2008 and USENIX Security 2008
2008.07.28 - WOOT 2008: The Good, The Bad, and The Ugly
2008.07.21 - UofM-Specific Phishing Campaign
2008.07.21 - PDPT: Passive DNS Port Test
2008.04.09 - Beware of Google App Engine SDK
2008.03.31 - Thinkpad X300 Has Arrived!
2008.03.26 - iRoll: Rick Roll meets the iPod
2008.02.22 - Black Hat DC 2008 Briefings
2008.02.10 - Exploiting Live Virtual Machine Migration
2008.01.15 - Detecting and Evading CWSandbox
2007.11.30 - xkcd Malware Visualization
2007.08.15 - Facebook XSS
2007.08.10 - USENIX Security, HotSec, WOOT 2007
2007.08.01 - 0-Day Auctions in Ann Arbor
2007.07.20 - DIMVA 2007
2007.05.07 - pynids 0.5a Update Released
2007.04.12 - Cosign SSO Vulnerability
2007.02.12 - T-Mobile WiFi Hotspots
2007.01.17 - RFID on Campus
2007.01.03 - Happy New Year 2007
2006.11.24 - Aimject 1.0 Released
2006.11.13 - Google Safe Browsing
2006.11.01 - Halloween 2.0
2006.09.22 - pybgpdump 0.1 Released
2006.09.15 - Mozilla Auto-Update Vulnerability
2006.08.31 - mPrint Privacy Violations
2006.02.15 - Honeyd Remote Fingerprinting
2005.04.06 - Mcard Vulnerability
2004.07.25 - Wolverine Access Vulnerability

Duo Two-Factor Authentication

Duo Security: two-factor auth made easy

Recent Blog Posts

Twitter Updates

Upcoming Events

UofM SUMIT - Oct 18th
CSAW CTF - Nov 10th-11th
SOURCE Barcelona - Nov 14th-15th
Infiltrate - Jan 12th-13th