I’m Nick Gregory, a research scientist currently working at Capsule8. I used to be vice president and sysadmin of NYU’s OSIRIS Lab where I primarily focused on low-level system emulation and exploitation.

You can find my resume here.


  • Holodeck - Assisted rehosting of embedded devices in QEMU
  • Warpcore - A work-in-progress cyber reasoning system (CRS)
  •  CTF Writeups - NYUSEC’s solutions to a lot of CTF challenges
  • Introduction to Offensive Security - A course I co-created to teach offensive security at NYU Tandon
  •  Dispatch - A Python framework for programmatically disassembling and patching binaries
  • Weather Explorer - A website that allows everyone to dive into the raw data behind weather predictions

Debugging in Production

If you competed in this year’s CSAW CTF, you may have noticed that the site was pretty sluggish until around 1am EST Sunday. This post is a walkthrough of how I went from noticing this sluggishness, to debugging the issue, to putting in a fix which increased page load times by over 10x.

Pivoting Around Memory

When exploiting a program, there’s four primary regions of memory that matter to us:

  • The program itself
  • The stack
  • libc
  • The heap

Introduction to Offensive Security

In the fall of 2017, Josh Hofing and I co-created and co-taught a new class at NYU Tandon: Introduction to Offensive Security. We wanted to create a course that taught the basics of what’s needed in, well, offensive security (playing CTFs, doing pentests, etc.). It was very well received that semester, and is now being re-taught for the third time by Prof. Brendan Dolan-Gavitt who supervised Josh and I when we taught the course for the first time.

OpenGrok is Awesome

Recently, I was looking for a nice, unified way to traverse my way through large open-source projects. The OSIRIS Lab previously had a DXR instance but it ended up not being able to support some projects I wanted to index due to the way it works (a clang pass). I looked around a bit, and decided to give OpenGrok a try, and I’ve been very happy with the results. Seems to be the one good product Oracle makes :P

Weather Explorer

I’m happy to say I’m finally opening up “Weather Explorer”, a project I’ve been working on in my spare time for the past two years.


Since I interned at M.I.T Lincoln Lab in the summer of 2016, I’ve been working on an extension project of the work I did there. While it’s still not finished, it’s a pretty big chunk of work that deserves to be on this website somewhere :)

Warpcore, Our CRS

This semester, Josh Hofing and I have been working on developing the basis for our own Cyber Reasoning System (CRS). The slides from our presentation at the OSIRIS Lab’s end of year meetup are here.


For the past five years or so, I’ve been looking to find a way to get streaming weather data pushed to me. Originally I had wanted level 2 RADAR products to create my own composites/renders, however I couldn’t find a good source that would push it to me, and even if I could, I didn’t have the capacity to handle processing all of that data in realtime. The IEM makes level 2 data available over HTTP, and grabbing individual files as I needed them to experiment was good enough at the time.