Jacob Torrey

Speaking Engagement: Syscan 2015

I will be speaking at Syscan this March; my talk is titled: "HARES: Hardened Anti-Reverse Engineering System ".

The talk will describe a prototype anti-reverse engineering technique providing a method to seamlessly execute AES-encrypted applications with neither the key nor any decrypted instructions residing in accessible . . .

Read More

January 21, 2015

Speaking Engagement: TROOPERS'15

I will be speaking at TROOPERS this March; my talk is titled: "The foundation is rotting and the basement is flooding: A deeper look at the implicit trust relationships in your organization".

The talk will begin with a new hardware-level attack on PCIe as an example for the implicit trust organizations place in 3rd parties. . . .

Read More

January 21, 2015

Chess Vs. Poker

Or: why we're playing the wrong game

Nota Bene: This post is a summary of a disconnection I've noticed in the information security community (myself included) and has been influenced by discussions with others, namely Prof. Bratus; please consider this an invitation to dialogue or comment, and not a one-size-fits all argument.

Having spent a busy spring and summer . . .

Read More

September 13, 2014

Con-a-thon Talk Notes

In my last post, I provided a high-level summary of each of the three Las Vegas conferences, but no real technical meat about what I learned while in the desert. I'm going to take a few moments to type some notes or musings about the talks I attended for posterity.


  • Skull And Bones (And Warez) - Secret . . .

Read More

August 14, 2014

Reflections on a Las Vegas Con-a-thon

Or: BSidesLV, Black Hat and DEF CON

I have survived a week in the hot desert and returned safely and smoothly to the Mile High. While the memories are still fresh, I wanted to reflect on my time at the three large conferences and what I liked, what I didn't and lessons learned.


Formed initially as an answer to the other conferences getting too . . .

Read More

August 13, 2014

My MiniLock Concerns

Or on the cyber-playing field

Disclaimer: Some of my concerns and proposed changes may be addressed and included into the miniLock code before the official release, greatly improving security. I will post a new entry once the merge has happened to describe the changes and how they make miniLock much more secure. Until then, please take the below with a large grain of salt . . .

Read More

July 21, 2014

Speaking Engagement: BSidesLV 2014

I will be speaking at BSidesLV this August; my talk is titled: "Cluck Cluck: On Intel's Broken Promises". This talk will cover a CPU/x86 architecture bug on most recent systems (2004-present) that provides an OS independent method to break out of virtual memory. The lesson I hope to impart of my audience is that in adding a new . . .

Read More

July 06, 2014