Carter Yagemann

Carter Yagemann

Assistant Professor of Computer Science and Engineering at the Ohio State University with interests in automated vulnerability discovery, root cause analysis, exploit prevention, and cyber-physical security.

Articles

Intel PT Data at Rest: A Compression Experiment

Full Disclosure: I am a researcher in Georgia Tech's ISTC-ARSA, which is funded by Intel. Although I reference two publications that share Xinyang Ge and Weidong Cui as authors, I am neither associated with them nor Microsoft Research at the time of writing. Intel Processor Trace (PT) is a powerful …

Windows _EX_FAST_REF Pointers and Virtual Machine Introspection

Last week I was working on a VMI-based malware unpacker for Linux and Windows when I came across an interesting problem. I was trying to implement a method that would, given a virtual address and process ID, return the address range of the memory segment it belongs to using VMI …

You never know where your code will end up.

I was searching through an archive site for 4Chan when I noticed that my name was in a random post on the Technology board, /g/: Anonymous Sat Jun 17 11:13:54 2017 No.60943336 >>60943289 I'm running it locally, but you can get it here: https://github.com …

Intel Processor Trace, execvp, and ptrace

Lately, I've been playing around with Intel Processor Trace (PT); a x86 hardware feature that allows for complete tracing of process control flows. As part of my research, I've been developing my own Linux driver and user program to control PT. Tracing can be configured using a handful of model …

Of Fancy Bears and Men: Attribution in Cybersecurity

I wrote a guest blog post for Georgia Tech's Internet Governance Project (IGP) on the topic of attack attribution. You can read the post here: http://www.internetgovernance.org/2017/03/09/of-fancy-bears-and-men-attribution-in-cybersecurity/

Getting the CR3 value for a PID in Linux

Writing low level code can be difficult due to the lack of examples on the internet. The answer is generally sitting somewhere in a 3,000 page manual where only the most dedicated programmers will find it. Last week I had such an experience. Currently my research involves a lot …

Site Redesign

HTML5Up When I originally registered the domain carteryagemann.com I imagined it would be a single static page summarizing my professional career; an eye catch for recruiters and peers searching my name on the internet. I wanted a place for bragging that I would have complete control over and not …

The Problem with DRM

Preamble The topic of digital rights management (DRM) systems is a controversial one among those affected by it. Some readers are going to jump to conclusions without properly reading what I want to write on the matter and there's nothing I can do about that. To those with minds open …

Demystifying the Master’s Thesis — Is it right for you?

Originally written for the Syracuse University College of Engineering blog. A few weeks ago I successfully defended my master’s thesis. At 55 pages long, it summarizes my research findings from two years spent in Professor Kevin Du’s lab studying the security of the Android operating system. With its …

Apple’s Balancing Act—Yesterday, Today, and Tomorrow

Originally written for the Syracuse University College of Engineering blog. A few months ago I read Splinternet by Scott Malcomson. It recounts the early days of the internet and personal computing. One section in particular caught my attention—a quote taken from an abandoned Apple ad campaign: "There are monster …