
About Me

I love researching and developing novel security methods across many different fields of computing technology. I also enjoy red-teaming and discovering weaknesses in existing frameworks (see CVE-2021-33912 and CVE-2021-33913 for a few examples of vulnerabilities I’ve discovered). When I’m not doing work related to these two areas, you’ll usually find me tinkering with or contributing to various open-source projects.

I’m highly motivated by opportunities to learn and explore new areas in technology; it’s actually part of the reason why I’ve focused my career path on cybersecurity. It takes a good amount of experience to design a computer system that works well, but it takes mastery to know exactly where its vulnerabilities will lie and come up with permanent solutions to those weaknesses. My drive for learning stems from the desire not just to discover new ideas, but to master them.

A few quick examples of areas I’ve done work in:

  • Network Protocols - designed a novel method of spoofing HTTPS connections to establish reliable communication between hosts without detection from intermediate firewalls
  • Fuzzing - developed .NET extension for libFuzzer that provides guided coverage-based fuzzing for Windows C# libraries (especially useful for fuzzing code with unsafe or Marshal use in a Windows environment)
  • Linux Kernel Development - rewrote and extended significant parts of the Secure Socket API, a kernel module/daemon combination that provides TLS as an operating system service through the socket interface. Extensively used TCP/IP stack internals and Netlink within the kernel
  • DNS & Mailserver Analysis - discovered several inconsistencies in SPF record processing by mail servers, including two high-profile RCE attacks in a commonly used SPF library. Developed fingerprinting technique to determine SPF implementation being used by a given MTA
  • TLS Research/Development - worked with the OpenSSL library in various projects, implementing features such as client/server session caching, OCSP/CRL checks & stapling, and advanced certificate validation. Contributed official documentation on its usage

In my free time, I enjoy writing & performing piano pieces, making homemade pizza, and playing as goalkeeper in any football game I can happen upon :). I also enjoy connecting with others–you can contact me here or through the links at the bottom of the page if you want to get in touch!