I usually try to keep my blog posts technical and free of politics, but I can't hide my frustration over EFF's response to today's release of the EFAIL vulnerability. If you haven't heard by now, EFAIL is the name of a vulnerability having to do with how email clients like …

As part of my Ph.D. research, I play around with Intel Processor Trace a lot. As a result, I frequently use libipt; both as a library for my own software and for the reference programs it includes. ptdump and ptxed are my goto utilities for quickly checking and manipulating …

I like data mining. For better or worse, it's the gold of the digital age. So when the USA government decided to make the analytical data for their publicly facing websites available for download, I jumped at the opportunity. Thanks to this lovely data source, I can get insights into …

The other day I was playing around with CVE-2013-2028 along with my peer Hong Hu when we came across something odd: CVE-2013-2028 is only exploitable on 64-bit GNU/Linux when ASLR is enabled. After confirming this observation multiple times, we were left very surprised. How could ASLR possibly worsen the …

Full Disclosure: I am a researcher in Georgia Tech's ISTC-ARSA, which is funded by Intel. Although I reference two publications that share Xinyang Ge and Weidong Cui as authors, I am neither associated with them nor Microsoft Research at the time of writing. Intel Processor Trace (PT) is a powerful …

Last week I was working on a VMI-based malware unpacker for Linux and Windows when I came across an interesting problem. I was trying to implement a method that would, given a virtual address and process ID, return the address range of the memory segment it belongs to using VMI …

I was searching through an archive site for 4Chan when I noticed that my name was in a random post on the Technology board, /g/: Anonymous Sat Jun 17 11:13:54 2017 No.60943336 >>60943289 I'm running it locally, but you can get it here: https://github.com …

Lately, I've been playing around with Intel Processor Trace (PT); a x86 hardware feature that allows for complete tracing of process control flows. As part of my research, I've been developing my own Linux driver and user program to control PT. Tracing can be configured using a handful of model …

I wrote a guest blog post for Georgia Tech's Internet Governance Project (IGP) on the topic of attack attribution. You can read the post here: http://www.internetgovernance.org/2017/03/09/of-fancy-bears-and-men-attribution-in-cybersecurity/

Writing low level code can be difficult due to the lack of examples on the internet. The answer is generally sitting somewhere in a 3,000 page manual where only the most dedicated programmers will find it. Last week I had such an experience. Currently my research involves a lot …