Reboot

It’s been quite a while since I’ve posted anything here other than the occasional conference report, and there are many more of those in draft form from the past two years that I didn’t even get around to finishing up and actually posting…  This is due to a variety of reasons, some of which include […]

Sleep Hacking

While working for TippingPoint’s DVLabs, I was fortunate enough to not be held to any kind of regular work schedule. Working in an almost pure research role, without the requirement of regularly interfacing with customers or even the rest of the DVLabs group, I had the opportunity to explore something that I’ve never really had […]

MS08-033 AVI/MJPG Vulnerability

Since last Tuesday (Microsoft Patch Tuesday), I’ve taken a break from coding Application Protocol Simulators (the hot-button item at BreakingPoint right now) and worked on the Security side of the product. I’ve spent almost exactly one week working on a Strike-set for the ms08-033 AVI/MJPG vulnerability.  The Strike-set includes 8 Strikes all which generate dynamic, […]

ms07-061

My second Microsoft Patch Tuesday at the new employer was fairly uneventful. This Tuesday there was only one patch rated critical, MS07-061, and as it turns out it was the bug that I had already worked on last week. Essentially all I had to do was update my strikes from last week with the new […]

New Employer: BreakingPoint Systems

Today I stepped into a new role as a Security Researcher for BreakingPoint Systems. I will be working with the team that handles the security component of the flagship product, the BPS-1000, which is a load and security testing appliance used to test network devices such as switches, firewalls, and the types of products my […]

TippingPoint DVLabs Website

Apparently, my employer launched the new TippingPoint DVLabs website when I wasn’t looking. Click through and check it out, it’s pretty slick. Not only do they have bios of all the team members, but each member page pulls data from all the other areas of the site like upcoming and published advisories, appearances, blog posts, […]

Anatomy of an 0-day

Cody Pierce, a colleague of mine at TippingPoint’s DVLabs, was recently profiled in an article by Dennis Fisher over at SearchSecurity.com. The article basically describes how Pierce went about discovering and disclosing an 0-day vulnerability in the Internet Help Control ActiveX component last April, which resulted in a patch from Microsoft last August. To do […]

New Employer: TippingPoint

Today I’ve begun working for a new employer, TippingPoint, a division of 3Com. Essentially TippingPoint is a recent acquisition of 3Com’s and has become 3Com’s Security Research group. While working for TippingPoint, I’ll be doing a number of different things, primarily working with the TippingPoint Security Research (TSR) team who do product vulnerability assessment and […]

New Employer: Sipera Systems

Last week, shortly after returning from the BlackHat / DefCon conferences in Vegas, I resigned my current position with Citadel Security Software to take a Vulnerability Research position with a start-up in the Internet Telephony industry called Sipera Systems. At Sipera I’ll be doing much more actual research than I was doing for Citadel, as […]