Security Posts

Pivoting Around Memory

When exploiting a program, there’s four primary regions of memory that matter to us:

  • The program itself
  • The stack
  • libc
  • The heap

A Brief Exploration of CVE-2018-10938

A recent post to the OSS Security mailing list brought up a potential DoS fixed in Linux about a year ago. This got a decent amount of attention on Twitter, and so I decided to see if I could create a proof-of-concept for this relatively simple bug.

Introduction to Offensive Security

In the fall of 2017, hyper and I co-created and co-taught a new class at NYU Tandon: Introduction to Offensive Security. We wanted to create a course that taught the basics of what’s needed in, well, offensive security (playing CTFs, doing pentests, etc.). It was very well received that semester, and is now being re-taught for the third time by Prof. Brendan Dolan-Gavitt who supervised Josh and I when we taught the course for the first time.


Since I interned at M.I.T Lincoln Lab in the summer of 2016, I’ve been working on an extension project of the work I did there. While it’s still not finished, it’s a pretty big chunk of work that deserves to be on this website somewhere :)

Warpcore, Our CRS

This semester, hyper and I have been working on developing the basis for our own Cyber Reasoning System (CRS). The slides from our presentation at the OSIRIS Lab’s end of year meetup are here.