Public Research


Some of my various items can be found on Github.

Hardware Involved Software Attacks whitepaper, released 17 Dec 2011. A taxonomy of classes of attack involving hardware to facilitate an attack from an unexpected direction against software. Becoming increasingly relevent in the industry as attackers move lower in the technology stack and 'direct-to-hardware' technologies like OpenCL/WebCL become commonplace.

LoLA - Low Level Access, a Linux kernel module + programming APIs allowing direct hardware access (CPU registers, raw memory, PCI address space, etc.) from user-space scripting languages such as Python and Perl. Useful for rapid hardware research & driver prototyping.

RFPolicy, considered to be the first responsible disclosure policy of the security industry.

Phrack #54 - NT Web Technology Vulnerabilities, included in the article is the first public discussion of SQL injection (12 Dec 1998), presented in terms of MS SQL Server and example exploits in Microsoft IIS scripts.


Patent Publications


US 9,081,954 - Verifying firmware integrity of a device
An IoT/hardware device verification mechanism to detect firmware tampering or unauthorized firmware replacement

US 8,984,316 - Fast platform hibernation and resumption of computing systems
Securely hibernating and resuming memory contents to a persistent storage medium while not allowing the contents to be tampered while in storage

US 8,925,077 - Mobile devices with inhibited application debugging and methods of operation
Methods to prevent debugging of an Android application

US 8,413,239 - Web security via response injection
Dynamic mitigation of web-based browser attacks (phishing, etc.) through web content manipulation by a network traffic processing node

US 8,286,220 - Browser access control
Remote injection of javascript into a web browsing session to verify the client browser, extensions, and plugins adhere to a specified security policy

US 8,763,120 - Exploitation detection
Method for detecting cross-site scripting (XSS) attacks via an HTTP proxy

US 8,793,488 - Detection of embedded resource location data
Heuristic optimization to identify encoded or obfuscated variations of HTTP/web URLs in a data stream

US 8,230,506 - Proxy communication detection
Heuristic detection of URL/form based web proxy traffic, to catch subversion of HTTP domain-based access controls

US 8,055,767 - Proxy communication string data
Heuristic method for detecting tunneled HTTP/URL references, to prevent subversion of web domain-based security controls

US 9,154,475 - Proxy communication string data
Dynamic authentication and transparent authorization of HTTP requests by a web client

US 8,656,478 - String based detection of proxy communications Heuristic/fingerprint identification of certain web scripts related to subversion of HTTP/URL-based security controls

Further applications are pending