The following links are some of my past information security research. Not all.
Some mentions of my work that are publically available.
- One Mans Patch is Another Mans Treasure. A Tale of a Failed HPE Patch
- Exploiting Untrusted Objects Through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions
- Busting Myths in Foxit Reader
- Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities In Just 6 Months
Other blog posts I have written:
Some past presentations that I have shared.
I discussed how I found a use-after-free vulnerability and chained it together with an uninitialized object vulnerability to achieve reliable exploitation bypassing several operating system mitigations.
Roberto and I discussed how we found over 200+ Remote Code Execution vulnerabilities within Trend Micro Software.
Here I demonstrated a new technique/variation for exploitation against the Windows 7 heap manager that abuses the allocation offset mechanism. Additionally, I also presented a likely attack technique against the consumer preview version of the Windows 8 heap manager.
This presentation was about the introduction of a plugin for Immunity Debugger that I developed called heaper that is designed to not only detect a corrupted heap state before out-of-bounds memory access, but was also designed to detect exploitable conditions in past Windows operating systems.