Dissect || PE Publications

Vulnerabilities Disclosed



Oracle Solaris 9 Sparc/x86 X.Org Remove Vulnerability (full memleak/DoS) - CVE-2012-1699

Apple Quicktime Memory Corruption Vulnerability that lead to code execution (CVE-2012-0671)

Multiple Memory Corruption Vulnerabilities that lead to code execution in Shockwave Player (CVE-2012-2029, CVE-2012-2030, CVE-2012-2031)

Memory Corruption Vulnerability that leads to code execution in Adobe Reader (including X) (CVE-2011-2098)

Papers Released



Overwriting the Exception Handling Cache Pointer - Dwarf Oriented Programming - Defcon Las Vegas 2012

Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti- VM Technologies - Blackhat Las Vegas 2012 Paper

Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti- VM Technologies - Blackhat Las Vegas 2012 Presentation

Distributed Malware Analysis Scheduling - IEEE The 6th International Conference on Malicious and Unwanted Software

Dynamic Program Analysis and Software Exploitation - Phrack Magazine

Conference Participation



Talk, Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti- VM Technologies - Blackhat Las Vegas 2012

Talk, Weird Exploitation - BSidesSP Sao Paulo 2012

Talk, Into the Darkness - Troopers 2012

Talk, Behind the Scenes - Security Research - BHack Conference 2012 (not Blackhat)

Talk, Operating System Security for Specific Purpose Devices - BSidesDFW Dallas 2011

Talk, Operating System Security for Specific Purpose Devices - BSidesPDX Portland 2011

Keynote Talk, Behind the Scenes - Security Research - Hackito Ergosum 2011

Talk, Automated Malware Analysis - TakeDown Conference 2011

Talk, Automated Malware Analysis - ISSA Conference 2011

Talk, Dynamic Program Analysis and Software Exploitation - Troopers 2011

Talk, Automated Malware Analysis - SegInfo Conference 2011

Talk, Behind the Scenes - Security Research - Valesec Conference 2011

Blog Posts



Into the Darkness - Dissecting Targeted Attacks

Morto Architecture Review