The following links are some of my past information security research. Not all.
Some mentions of my work that are publically available.
- Exploiting Untrusted Objects Through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions
- Busting Myths in Foxit Reader
- Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities In Just 6 Months
Some past presentations that I have shared.
Roberto and I discussed how we found over 200+ Remote Code Execution vulnerabilities within Trend Micro Software.
Here I demonstrated a new technique/variation for exploitation against the Windows 7 heap manager that abuses the allocation offset mechanism. Additionally, I also presented a likely attack technique against the consumer preview version of the Windows 8 heap manager.
This presentation was about the introduction of a plugin for Immunity Debugger that I developed called ‘heaper’ that is designed to not only detect a corrupted heap state before out-of-bounds memory access, but was also designed to detect exploitable conditions in past Windows operating systems.