Researcher and engineer with more than 10 years of professional experience discovering, detecting and mitigating security issues. Passionate about uncovering behaviors of systems and executables and being able to communicate the impact and remediations.
In-house reverse engineering expert, supporting the development of the Source Control and DeviceLink product by analyzing the APIs, file formats and network protocols of various vendors.
Rockwell Network Stack:
• Reverse engineered and reimplemented the network stack of Rockwell PLCs
• Wrote a portable Rust library supporting EtherNet/IP, Common Industrial Protocol (CIP) and PCCC protocols
• Developed an interposer to analyze and store a project upload for later replaying of the upload, effectively imitating a PLC
Rockwell File Format:
• Analyzed the ACD binary project format to read the contained data, allowing advanced analysis of the project to display
CODESYS project file format:
• Identified compression and encryption in the custom file format for protected CODESYS password archives, supporting password- and certificate-based decryption
Various Copia application contributions:
• Identified and fixed proxy configuration issues in the Copia Desktop application, written in TypeScript
• Implemented diff support for encrypted rungs in Rockwell project files
Embedded security research and defensive development. Finding vulnerabilities on a variety of hardware and software platforms including Linux, VxWorks and custom platforms on ARM, MIPS and more. Reverse Engineering with IDA Pro and Binary Ninja, writing custom plugins where necessary.
Automating analysis and attacks, as well as developing host-based security solutions in Python and C.
Vulnerability research in ICS and consumer devices (VxWorks, Linux, Android)
• Building custom hardware for debugging via JTAG/SWD and UART
• Automating attacks and binary modification in Python and C
• Source code review and reverse engineering of binaries and drivers to understand internal processes
Contributed components and core functionality for OFRAK
• Python development in a large code base
• Translating protocols and standards to an abstract, usable interface
Managed and developed demos for display at major conferences
• Three demos at two villages at DEF CON with over a dozen employees involved
Security Analyst
2020 — 2020
Zurich, Switzerland
Detection engineering in large corporate network. Automated processes using PowerShell for Windows-heavy environment. Used advanced offensive techniques to improve detection practices.
Security Consultant
2020 — 2020
Zurich, Switzerland
Supported building baseline framework for security incident detection in a small SOC. Leveraged MITRE ATT&CK to formalize coverage and Sigma based patterns to reduce initial engineering.
Collaborate with the Security Operations team to identify malicious actors in the organization
• Conduct internal penetration testing to efficiently find network vulnerabilities, as well as adversary emulation to replicate threat actors and fine-tune detections to adversary TTPs (Tactics, Techniques, and Procedures).
• Used expertise in PowerShell to develop an automated program for SOC monitoring pattern testing that simulates attacker activity to test detection patterns.
  o Utilize the program to train 2 IT apprentices per year in detecting vulnerabilities.
• Technical support for a new, standardized vulnerability management process for assessing threats and determining the best responses and patch times, increasing efficiency by streamlining communications.
• Manage and export information on system vulnerabilities each week from the Nexpose scanning system.