Blog Purpose
In order to secure a system, you need to look at all the code that can be influenced by user input, but to break it you only need to find one mistake. I want to teach how to make systems break by finding the mistakes that someone else missed.
I will highlight some of the exploitation and reverse engineering projects I’ve worked on, and also mix in some techniques I use to ensure more stable or stealthy exploitation that should be relevant to both the complete novice and the veteran hacker. If you would like to know more about something security-related, drop me a line by email and I’ll see what I can do!
In this blog, it is my intent to share with you:
- What I’m working on
- New techniques I’ve picked up
- New tools that have helped me find vulns
Résumé
Experience
Cisco Systems (ASIG) | Security Researcher | Austin, TX/Remote | 08/2017-Present
- Perform in-depth static and dynamic code analysis.
- Reverse engineer custom network protocols to aid vulnerability analysis.
- Create documentation for existing tools and create new tools to automate bug discovery.
- Turn memory corruption and logic bugs I find into working exploits for proofs of concept.
- Lead an intern project to create an internal fuzzer management framework.
- Implement a tool for feedback-based fuzzing of server binaries without source code or reversing.
VMware, Inc. | Security Engineer | Austin, TX | 07/2016-08/2017
- Managed the SDL Process from idea to release and response with multiple product teams.
- Pentested Java/C++ applications.
- Analyzed configurations of SaaS service stack applications for insecure implementations.
- Evaluated security of cloud applications in an AWS environment.
- Triaged bugs for exploitability in a response role as needed.
Cisco Systems (ASIG) | Security Researcher | Austin, TX | 08/2014-07/2016
- Performed in-depth static and dynamic code analysis.
- Reverse engineered custom network protocols for vulnerability analysis.
- Researched using open source tools like AFL and angr to automate bug discovery.
- Turned memory corruption and logic bugs I found into working exploits for proofs of concept.
- Hunted down more complex bugs such as cryptographic implementation flaws.
- Customized a collaborative CTF lab and encouraged CTF participation in our department.
Intellergy, Inc | Software Engineer | Blue Hill, ME | 02/2013-08/2013
- Created PHP/HTML/JavaScript/CSS software with MySQL database interactions.
- Ensured all committed code was secure and efficient.
University of Maine | Networking Student Employee | Orono, ME | 5/11-2/13
- Led the effort of security testing websites and embedded devices on the campus network.
- Compiled detailed reports of each vulnerability found, and how to fix it.
- Assisted with imaging of computer clusters.
Security Research
- Reported vulnerabilities in websites/software
  - ArmedAssult.info SQLi, XSS (2007)
  - OpenText FirstClass Code Execution (2011)
- Contributed to the open source concolic execution engine project angr
- Familiar with newest binary exploitation techniques (ROP, Heap Spraying, learning how2heap)
- Familiar with shellcoding for x86 and bypassing character restrictions
- Static/Dynamic Binary Analysis using IDA, Frida, angr, GDB, WinDbg, Immunity Debugger
Education / Certifications
University of Maine | B.Sci. in Computer Science | German Minor | 2014
- CCDC Team Co-Captain & German Club President
- 4 years of Spanish & German courses
Corelan Advanced Exploitation
- Learned advanced heap exploitation and browser exploitation
CISSP “Associate” (Passed CISSP exam, need 5 years industry work experience to get CISSP)
- This exam seemed like a waste, but I had to suffer through it so it goes here!