Areas of Focus
Penetration testing, application security, malware techniques, C development in Linux and Windows environments, web development
Independent Security Evaluators
- Perform penetration testing and security assessments for a variety of commercial companies, using custom-built tools and exploitation techniques
- Perform research and development in topics of information security
KEYW / Ponte Technologies
- Perform security assessments, source code analysis, and penetration tests
- Perform application assessments for web applications, desktop and server software
- Reverse engineer software and develop exploits for Windows and Linux platforms using IDA Pro and debuggers
- Research advanced malware techniques and build software implants for use on penetration testing engagements
- Develop threat models for commercial enterprises
Open Technology Institute, Washington, DC
- Core developer on the Commotion Wireless Project mesh networking platform. Designed, developed, and tested multiple back-end and web interface components of an OpenWRT-based router firmware distribution, mostly in C and Lua:
- Developed the Commotion Service Manager, a daemon written in C for publishing and receiving multicast DNS-based service announcements. Includes cryptographic signing; a dynamic schema system; as well as a client API implemented as a C library, Python module, and Lua bindings library.
- Authored a plugin to hook in the Serval overlay network daemon into the Commotiond system management daemon's event loop. Also provides a high-level client API for cryptographic and key management services.
- Authored a plugin for the OLSRd mesh routing daemon that forwards and distance-limits multicast traffic.
- Wrote multiple extensions to OpenWRT's Lua-based router configuration web interface.
- Lead the team's experimentation with mobile GSM integration with IP-based mesh networking.
- Trained and worked with communities domestically and outside the U.S. to build and maintain neighborhood-scale wireless networks.
- Produced articles and presented at conferences domestically and outside the U.S. to audiences with varying levels of technical expertise.
- Helped organize the 2013 International Summit for Community Wireless Networks.
- Consulted with our policy team to draft recommendations related to the Wassenaar Arrangement on export controls and E.U. privacy initiatives.
Website Security Audit
Sassafras Tech Collective
Performed a white-box penetration test and source code review of a Ruby on Rails web application. Developed proof-of-concept exploits for found vulnerabilities and produced a detailed report of all findings and remediation recommendations.
Windows Implant Development
Developing a general userland implant platform in C for x86/x64 Windows devices. The platform is built for research purposes, is designed to be stealthy, modular, and flexible, and uses techniques found in advanced malware.
Web Security Audit
Sassafras Tech Collective
Hired to do a white box security audit of a multisite Wordpress installation, hosting over 90 individual sites for Hollaback, a non-profit organization dedicated to ending street harassment of marginalized groups. Included PHP source code audit and website configuration and policy review.
Built and currently maintain a Wordpress-based website for The Monument Quilt Project, a crowd-sourced collection of thousands of stories from survivors of rape and abuse. Website includes custom database management interface for the archival staff and a dynamic map of submissions.
The Baltimore Indypendent Reader
Served on the editorial collective to curate weekly content, write articles, develop and maintain relationships with writers, plan events, and fund raise. Re-designed Drupal website and added media publishing features.
Master of Science in Women’s and Gender Studies.
University of Maryland, Baltimore County
Bachelor of Science in Physics. Cum Laude.