TL;DR After noticing a trend of conference talks with posted slides or videos being overlooked and hard to search through, I've decided to write an overview blog post for most of my conference talks in order to create a searchable and easy-to-skim jumping-off point. I will link to slides, video and paper if there is one at the end of each . . .

Read More

TL;DR Domas' "Memory Sinkhole" is a clever attack, but in today's OS landscape, can be mitigated via a small software update.

Yesterday at Black Hat USA, I watched as Christopher Domas shed some light on a very exciting/terrifying vulnerability. He discovered that SMRAM accesses can be duped to read/write from the . . .

Read More

I recently gave a talk at Syscan on the topic of HARES: Hardened Anti-Reverse Engineering System. The recording of this talk has just been posted to YouTube and is embedded below:

Read More

While watching Haroon Meer's TROOPERS keynote, I was struck by the major, structural shortcomings in the InfoSec industry; and how little impact it really had on the world. I was left asking myself, even with the sorry state of security, and today's endless parade of bugs and breaches, who is feeling the pain? Haroon highlights that . . .

Read More

I recently gave a talk at TROOPERS on the topic of the implicit trust relationships in an organization's IT infrastructure. The recording of this talk has just been posted to YouTube and is embedded below:

My goal was to explain to the audience how many layers there are in even small networks, and how weaknesses in one . . .

Read More

Welcome!

Thanks for your interest in HARES; I'm glad you're interested in the fascinating world of x86 and I wanted to answer some questions & address some misunderstandings I've been seeing following the publication of the WIRED article on HARES. As the article was much less technical than my upcoming talks, please . . .

Read More