About Me

I am a hacker, reverse-engineer, and general tech-enthusiast.

You may know me from 😾😾😾 or BADFET.

United Technologies – Principal Engineer

Product Security Center of Excellence

2019-Present

At United Technologies I work to discover previously unknown vulnerabilities in cyber-physical products, specifically in the aviation space. At UTC I leverage my experience in hardware reverse engineering, vulnerability research, and hardware/chipsec research to highlight potential gaps in security coverage.

Red Balloon Security – Research Scientist

2016-2019

At Red Balloon Security I was a resident expert in their advanced hardware reverse engineering efforts. This included the development of debugging capabilities on COTS products for unilateral integration of Symbiote technology. Projects at Red Balloon often required the discovery of previously unknown vulnerabilities, novel firmware extraction techniques, and advanced physical reverse engineering using custom or new tooling (e.g. laser ablation, BGA rework, interposers, etc.).

Research and Development

  • Independently developed a microcontroller-controlled electromagnetic fault injection research platform “BADFET” for the exploitation of modern embedded systems
  • Led and participated in the technical research efforts for several DARPA programs and other government efforts concerning: emanations research, advanced reverse engineering techniques, and automated firmware analysis
  • Identified numerous vulnerabilities in IoT and networking devices and am jointly responsible for RBS’s 😾😾😾 disclosure
  • Developed a system for out-of-band communications using brushless motors and their controllers without noticeably disrupting thrust characteristics

Software Development

  • Contribute to the company’s Firmware Reverse Engineering Konsole (FRAK) and developed its initial bitstream reverse engineering capabilities
  • Support development of Red Balloon Security’s embedded device remote integrity attestation framework for Symbiote, Symbiote defense payloads, and the Symbiote payload injection process on new hardware

MIT Lincoln Laboratory – Intern & Student

  • Contributed to the overall system design, software and hardware development, and general research of a novel authentication scheme, which utilizes modern smartphones and hardware-based security mechanisms for ubiquitous cross-platform authentication
  • Implemented full trusted kernel stack using ARM’s TrustZone on a Xilinx Zynq FPGA, including the first and second stage boot loaders, secure monitor, and minimalist bare-metal kernel within the trusted execution environment (TEE)
  • Exploited numerous mobile applications and generated numerous proof-of-concept applications
  • Researched novel techniques for firmware extraction, automated target analysis, and exploitation of automotive systems
  • Demonstrated a proof-of-concept capable of changing the odometer on numerous popular automobiles
  • Designed a utility for automatically fuzzing cyber-physical systems