Jacob Torrey

TROOPERS 2017 Day 2 Re-cap

Please pardon the delay, I was enjoying some of the fine European weather in the French Riveria and neglecting my TROOPERS blogging duties. As promised, here is a short description of my day 2.


Starting early in the morning for the annual 10k charity run up the Philosopher's Way, a large group of brave (and sleepy-looking) . . .

Read More

April 02, 2017

Troopers 2017 Day 1 Re-cap

It's late March, thus time for TROOPERS; this year is the 10th anniversary edition of the fantastic conference in Heidelberg, Germany, so an extra special week to be a part of. As I spoke at a pre-conference workshop, the stress was off so I could reflect and re-cap on the content without worrying about an incomplete slide deck. Below . . .

Read More

March 23, 2017

Defensive Programming

Coding in a post-Rowhammer world

Earlier this year at TROOPERS I presented on how many tenets of the LangSec theories could be integrated into a modern SDLC through providing a framework for "verification-oriented programming". This idea revolved around the notion that "to err is human, to be caught at compile-time (or as close to it as possible) divine", and that developers . . .

Read More

October 22, 2016

Consent in InfoSec

An analogy

Recently the buzzword-du-jour has shifted in some circles from "Threat Intelligence" to "Information Sharing", with policy being proposed or enacted to drive companies to share breach and breach attempts with other entities to hopefully assist in their network defenses. One challenge I see to free information sharing between willing and . . .

Read More

April 29, 2016

Verification-Oriented Programming

Accepting LangSec into your heart (or SDLC)

 Next week at TROOPERS I am acting as a TA for Tamas on our VM Introspection training as well as giving a talk aimed at developers and their managers to augment their software development life-cycle (SDLC) with LangSec . . .

Read More

Posted in: langsectroopers

March 07, 2016

The Depressing Effect of Bug Bounties

Why we need to focus on capacity building

Watching the InfoSec industry change over the last few years leaves little doubt in my mind that the majority of players jump onto what is hot, either through a re-branding campaign, acquisition, or legitimate shift. At RSA this spring, the buzzword du jour was threat intelligence; of late however, the hype-machine has been focusing on bug . . .

Read More

November 13, 2015

Blog a Talk: Cluck Cluck

Virtual memory break-out with PCIe

TL;DR After noticing a trend of conference talks with posted slides or videos being overlooked and hard to search through, I've decided to write an overview blog post for most of my conference talks in order to create a searchable and easy-to-skim jumping-off point. I will link to slides, video and paper if there is one at the end of each . . .

Read More

Posted in: blog-a-talkx86

August 12, 2015