Blog Posts

Some ancient blog posts from a prior life:

• May 15, 2015 - Estimating Google’s Two-Factor (2SV) Adoption
• Jul 16, 2013 - ReKey: Fixing Android’s Master Key Vulnerability
• Feb 25, 2013 - Bypassing Google’s Two-Factor Authentication
• Sep 12, 2012 - Early Results from X-Ray
• Jul 25, 2012 - Announcing X-Ray For Android
• Jul 16, 2012 - Exploit Mitigations in Android Jelly Bean 4.1
• Jun 21, 2012 - Dissecting the Android Bouncer
• Mar 21, 2012 - Announcing VPN Hunter
• Feb 27, 2012 - ASLR in Android Ice Cream Sandwich 4.0
• Nov 27, 2011 - CSAW CTF 2011 Kernel Exploitation Challenge
• Sep 08, 2011 - Tool releases: ksymhunter and kstructhunter
• Jul 06, 2011 - Stackjackin' 2: Electric Boogaloo
• Jun 21, 2011 - RSA-Proofing Our Duo Push Two-Factor Authentication
• Jun 08, 2011 - Duo Push: The Next Generation of Two-Factor Authentication
• May 28, 2011 - When Angry Birds Attack: Android Edition
• Apr 20, 2011 - Stackjacking Your Way to grsec/PaX Bypass
• Mar 07, 2011 - How I Almost Won Pwn2Own via XSS
• Nov 29, 2010 - Exploiting Stack Overflows in the Linux Kernel
• Nov 02, 2010 - CSAW CTF 2010 Kernel Exploitation Challenge
• Oct 23, 2010 - Linux Kernel pktcdvd Memory Disclosure
• Sep 10, 2010 - Linux Kernel CAN SLUB Overflow
• Aug 10, 2010 - Dexcode Teardown of the Android SMS Trojan
• Jun 28, 2010 - A Peek Inside the GTalkService Connection
• Jun 25, 2010 - Remote Kill and Install on Google Android
• Jun 21, 2010 - SummerCon 2010 Slides
• Apr 25, 2010 - SOURCE Boston Slides
• Apr 10, 2010 - ReiserFS .reiserfs_priv Vulnerability
• Oct 04, 2009 - Linux Kernel x86-64 Register Leak
• Sep 28, 2009 - Disabling Green Dam with Dam Burst
• Aug 29, 2009 - Linux Kernel getname() Stack Memory Disclosures
• Aug 10, 2009 - PolyPack at USENIX WOOT '09
• Jul 12, 2009 - Hijacking Tinychat Screencasts
• Jun 30, 2009 - Analysis of a Trojaned ssh/sshd
• Apr 20, 2009 - udev Local Privilege Escalation
• Apr 15, 2009 - Panera Gift Card Security
• Mar 25, 2009 - dpkt Tutorial #4: AS Paths from MRT/BGP
• Mar 07, 2009 - ARBSEC 01 Wrap-Up
• Feb 19, 2009 - ARBSEC Officially Launched
• Dec 20, 2008 - dpkt Tutorial #3: DNS Spoofing
• Nov 20, 2008 - VirusTotal Python Submission Script
• Oct 15, 2008 - dpkt Tutorial #2: Parsing a PCAP File
• Sep 04, 2008 - Bash Brace Expansion Cleverness
• Aug 25, 2008 - dpkt Tutorial #1: ICMP Echo
• Aug 10, 2008 - Hardening DNS with IP TTLs
• Aug 02, 2008 - HotSec 2008 and USENIX Security 2008
• Jul 28, 2008 - WOOT 2008: The Good, The Bad, and The Ugly
• Jul 21, 2008 - UofM-Specific Phishing Campaign
• Jul 21, 2008 - PDPT: Passive DNS Port Test
• Apr 09, 2008 - Beware of Google App Engine SDK
• Feb 22, 2008 - Black Hat DC 2008 Briefings
• Feb 10, 2008 - Exploiting Live Virtual Machine Migration
• Jan 15, 2008 - Detecting and Evading CWSandbox
• Nov 30, 2007 - xkcd Malware Visualization
• Aug 15, 2007 - Facebook XSS
• Aug 10, 2007 - USENIX Security, HotSec, WOOT 2007
• Jul 20, 2007 - DIMVA 2007
• May 07, 2007 - pynids 0.5a Update Released
• Apr 12, 2007 - Cosign SSO Vulnerability
• Feb 12, 2007 - T-Mobile WiFi Hotspots
• Jan 17, 2007 - RFID on Campus
• Nov 24, 2006 - Aimject 1.0 Released
• Nov 13, 2006 - Google Safe Browsing
• Sep 22, 2006 - pybgpdump 0.1 Released
• Sep 15, 2006 - Mozilla Auto-Update Vulnerability
• Aug 31, 2006 - mPrint Privacy Violations
• Feb 15, 2006 - Honeyd Remote Fingerprinting
• Apr 06, 2005 - Mcard Vulnerability
• Jul 25, 2004 - Wolverine Access Vulnerability