Scientific Programmer Resume Profile
StafforD
Experience
Position requires development of defensive, offensive and exploitation techniques for both malware and network operations. Perform vulnerability analysis and exploitation development and testing for desktop and mobile platforms/devices and appliances. Develop and code in assembly, C, Java (Android) and Objective-C (iOS) applications for defensive and offensive exploitation. Conduct vulnerability research and analysis of targeted software platforms, malware, firmware and networks. Reverse engineer corporate and targeted malware for determination of design intent, capabilities and vulnerabilities. Author of novel DARPA Cyber Fast Track papers and offensive cyber proposal submissions. Technical exploitation lead on operational IC offensive program. Additional responsibilities include principal technical lead for development of corporate-wide cyber initiative. Use and knowledge of nasm, Assembly (x86, ARM), Android SDK tools, Android Debug Bridge (adb), Traceview, Dalvik Debug Monitor Server (DDMS), iOS - Objective Cocoa/Cocoa Touch, Xcode IDE and SDK, GNU Debugger (GDB), Intel Debugger (IDB), Microsoft Visual Studio and Debugger, C, C++, Java, Valgrind, WinDBG, PyDbg, Hex Rays IDA Pro, OllyDbg, Immunity Debugger, VMWare / VMFusion, EnCase, MetaSploit, Nessus, Bastille and BackTrack5.
Scientific Programmer
Reverse Malware Engineering and Exploitation
Global Lead Malware Reverse Engineer: accomplished daily reverse engineering and network analysis of all daily targeted corporate malware for Incident Response team. This required emails sent to CSIRT malware analysis (MA) mailbox for identification of new techniques and targets for phishing, spam, trojan/virus, and location of origin, defensive techniques, hardening and response. Conducted dynamic and static reverse engineering in virtual space of phishing/spam emails and targeted malware in MA mailbox and incident response malware for further identification of location of malware, intent, risk level, capabilities and actors. Provided in-depth, deep-dive reverse engineering and analysis of advanced features for malware and remote administrative tools. Conducted forensic analysis of firmware and hardware associated with target machines and platforms, to include mobile Android and iOS smartphones and tablets. Provided professional reporting and detailed summaries for routine and in-depth investigations of targeted malware. Conducted covert activities to determine adversary capabilities and intentions utilizing advanced man-in-the-middle secure socket layer techniques for targeted malware. Produced policies, procedures and guidelines for routine and continual analysis and reverse engineering of malware from networks, mailboxes and incident responses where necessary. Created reverse engineering and malware analysis tools and plugins for routine and in-depth analysis of malware.
Responsibilities included managing other senior and junior malware engineers and analysts, supporting global security operations managers, operation center technicians and analysts, and daily international incident turnover calls. Provided detailed technical reverse engineering documents to international team members for around-the-clock coverage and analysis. Ran daily malware calls with other engineers and analysts on details and issues related to current and real-time incident malware analysis. Developed custom reverse engineering tools and scripts for use by other team members to enable streamlined processes and batch processing capability for large data sets. Managed international malware team coverage and reverse engineering schedules. Developed schedules for advanced algorithm development programs and reverse engineering tool development, testing and deployment.
Human Language Technology and Scientific Programming
Position entailed the development and implementation of scientific algorithms for multi-lingual data exploitation and data mining, as well as research and implementation of pattern analysis and kernel method algorithms. Developed and tested software implementations for mathematical/scientific algorithms against large customer data sets for speaker and language model building, training and identification testing for Urdu, Persian, Somali and Arabic dialects. Created language identification and speaker components for multilingual triage platform for IC. Interfaced and tested new algorithms with existing products and software. Development environments are Ubuntu Linux 64bit, Darwin OSX Unix 64bit, CentOS and Windows. Code developed in Java and Perl utilizing JSON, HTML, XML, Apache, Hibernate and Spring Framework.
Reverse Malware Engineer Confidential
Reverse Malware Engineering
Assumed the position of manager and technical lead for advanced research virus contract with IC for five years. Development of malware profiling tools, reverse engineering tools/methodologies, disassembly language analysis tools and attribution analysis tools/methodologies. Performed vulnerability analysis and testing of mobile platforms/devices and appliances. Conducted vulnerability research and analysis of targeted software platforms, malware, firmware and networks for classified target sets. Responsibilities included assessing the viability of author-specific or author-identifying traits and heuristics for cyber intrusion attribution analysis, and evaluating their strengths, weaknesses and viability with respect to the attribution behavioral analysis techniques, defensive and offensive programming, execution and analysis. Tested these concepts using known software and extended these methods to malicious software in malware collections. Used clustering algorithms to perform correlation of statistical attribution data. Extensive use of probability and stochastic processing mathematics to analyze and evaluate data, and development of software tools to automate these methods. Developed methods and tools to identify, extract and correlate selected traits from malware binaries. Use of author-specific traits and heuristics for cyber intrusion attribution analysis. Development of methods and tools to search, parse and correlate data from cyber incident databases with the attribution methods outlined. Developed an ontology database for characterizing malware behavior and their relationships to other malware. Presentation of research results at last five annual CERT/CC Workshops.
Developed entropy algorithm in C for binary entropy analysis. Tool used on non-malware and malware for packer and encryption identification; results published in IEEE Security and Privacy 2007. Performed analysis and discovery of residual Microsoft compiler data from bots and other malware which was continually repackaged/modified and re-deployed by the same authors, i.e. serial bots. Results achieved identification of five serial bots in McAfee bot corpus. Demonstrated that residual data serial analysis can provide an accurate picture of relations among malware and bot variants. Also analyzed usefulness of deployment frequency tracking and changes to binary and/or functionality. Results published in Journal of Digital Forensics 2007.
Tasks also included the reverse engineering of virus/worm/trojans for IC using debuggers and disassemblers (IDAPro and OllyDbg). Obtained extensive use of disassembly language, Visual C/C++, Perl, Python and IDAPython. Hands-on experience with MIM SSL attacks and other strategies. Development and implementation of reverse engineering tools and methodologies for malware analysis and trending. Published internal technical reports and released updated malware databases to IC, to include non-wild zoo samples for zero-day vulnerability analysis and technology analysis. Programming and implementation of plug-in tools for Adobe Acrobat in Microsoft Visual C/C++ environment utilizing PVCS and Tracker. This project required the installation of tools with COM objects, interface and UUID implementation, and testing this implementation with a custom designed tool.
Software Development Engineer Confidential
Acted as the technical lead for software development of a Low Rate Information Terminal Software Radio Project. This project utilized Microsoft Visual C for the entire development, implementation and testing of a software transceiver. This encompassed digital data communications and signal processing, and required knowledge of RF transceivers, quadrature tuners, mixers, A/D and D/A conversion techniques, filters, modulation, bit synchronization, encoding techniques, SNR analysis and theoretical gain analysis, as well as other aspects of performance calculations required for a software transceiver implementation.
Kernel Mode Device Driver Development: Technical lead for the development of a kernel mode network device driver for the implementation of SCPS (Space Communications Protocol). This project involved the reverse engineering of a UNIX implementation of SCPS (Space Communications Protocol) which was based upon a unique threading model. The objective was to port the reference implementation in C from UNIX to a kernel mode device driver. A complete rewrite was needed, which involved low level coding requiring knowledge of Network Device Interface Specification (NDIS), Transport Driver Interface (TDI), Windows debugging, Windows network programming, Device Driver Development (DDK), Software Development Kit (SDK), network interface programming, protocol stack development and programming, communications protocol coding, TCP/IP and SCPS (space communications protocol). Applications level coding required knowledge of Unix and Windows sockets programming, Windows multi-threaded programming, COM interface and OLE coding, Windows API, Dynamic Link Libraries (DLLs), IPSec and Active Directory. Tools used were Visual C, Windows Debugger, DDK/SDK, CVS, MKS Source Integrity and MKS Toolkit.
Utilized Visual Basic C object libraries to enable Microsoft Excel to be used as a tool in the determination of an ECI coordinate converter. Visual Basic was used to implement a class of existing C static object libraries and DLLs. This project required knowledge of Visual Basic programming, mixed language programming, Windows API, DLLs and Windows 2000 Excel macros. Development was done in Microsoft Visual Basic 6.0 and Microsoft Visual C 6.0.
Other responsibilities included new business development. This involved actively and aggressively seeking out new business in the private and government sector to fit current and future research and development objectives.
Senior Software Engineer Confidential
Virtual / Constructive Air/Ground/Space Simulations
Lead simulation engineer for development and experimentation. Created virtual software simulations for virtual warfare center. Emulation of air, sea, ground and space assets. Modeling of all asset communications (JTIDS, IP radio, Sat Radio, etc.) as well as SOSI and Cyber Networks for both Red and Blue forces. Programming of physics models for simulation of space assets, consisting of sensor, atmospheric and data modeling. Programming, configuration, testing and running of all ELINT, COMINT and SIGINT ground station modeling. Operational lead for simulation and experimentation execution.
Triple Store/Database Programming for IC
Supported several facets of a triple store data project (DataSphere). Provided ontology support for the implementation of several new data manipulation functionalities within the triples. This included custom URI ontology modifications, data generation and testing. Created and modified existing Python scripts for conversion of raw data to database tables, extraction of data from tables through queries to CXML and RXML, and creation of triples from CXML and RXML for several major customer data sets. Ran the ETL process for significant data loads and evaluation tests for several data sets. Developed and modified Java triple conversion code to support new data sets. Overall system was designed to support utilization of custom query engine to perform unique information extraction from new triple stored data sets. Performed technology assessment and analysis of triple stores for customer applications. Configured, loaded, tested and contrasted Oracle 11g and AllegroGraph 3.0 with LUBM data. Hands-on experience with OWL, RDF and ontology modeling, and COTS tools such as Gruff and Protege. Lead for recreation of ontology for customer data on future triple store implementations. Modified existing customer ontology to support new data set characteristics. Supported data normalization process across a large number of data sets for consistent integration and query capability at the triple store level.
Supported orbit and coverage analysis for compartmented spacecraft development for both large and small programs. Developed code to support geometric and spatial analysis of space based systems. Ran simulation analysis to determine optimal trajectories and maintenance orbits/maneuvers for spacecraft. Software programmer and scientific algorithm development for satellite sensor modeling and simulation tools. Involved mathematical, computational and physical modeling of advanced satellite system platforms and sensors. Developed software to model IR and EO sensors on existing and future vehicle platforms, specifically modeling line rate, aggregation modes, TDI, NIIRS, etc. Developed software to model SAR, ESAFR and DRA sensors and data processing on existing and future platforms. Developed software architecture to implement known HSI sensor characteristics on experimental vehicle. Integrated overhead space assets into virtual warfare center simulation code for preplanned and real time update of tracking and telemetry points. Continuing work was done to existing Boeing satellite simulation code to integrate into AFNES for support of joint overhead asset simulations at the VWC. Development and coding of k-means windowing and simulated annealing satellite scheduling algorithm. Software developed in Matlab and implemented in C. Development and coding of LIDAR and polarimetric sensor algorithms for simulation of satellite sensor data processing and analysis. Design included mathematical modeling of sensor characteristics, onboard and ground processing algorithms. Software developed in Matlab and implemented in C. Development and coding of SIGINT, ELINT and COMINT software algorithms for signal generation, enabling simulation of signal generation, satellite detection and processing. Software developed in Matlab.
Program Manager and Chief Scientist for several software development research projects within the aerospace industry. Responsibilities included the architectural software design, code development, coding, code integration, testing, project management and customer briefings. Development of genetic, evolutionary and custom algorithms for satellite design optimization using advanced electromagnetic and materials science concepts. Platforms and languages included Windows NT/2000/XP, SGI Origin 2000 / Octane, Sun and Cray Research platforms. Coding was done in a UNIX and Windows environment utilizing FORTRAN, C/C++, Microsoft Visual C and Unix SGI IRIX compilers. Project included the modification of existing electromagnetic and method of moments codes, inter-language linking and development of new code in all the aforementioned languages. Extensive use of physical optics, electromagnetics, local and global optimization, combinatorics and discrete mathematics.
Satellite Systems Engineer Confidential
Systems communication engineer for spacecraft subsystems and ground communications infrastructures. Responsible for the design and modification to ground station and IC communications infrastructures. This position required programming in C/C++ on Sun Sparc Stations for operation in a real time environment. This position also involved extensive network analysis and spacecraft communications system analysis, troubleshooting of malfunctions, verification of hardware states and data trend analysis for anomaly identification. These systems required a working knowledge of RF modulations, encoding techniques, satellite communications techniques and major WAN and LAN technologies (see above). Also participated in the incorporation of this knowledge into the design of spacecraft communication subsystems to meet current and future operational needs. Supported on-orbit spacecraft activities and exercises for 24x7 support. State of health engineer for several systems on defense spacecraft systems.
Lead Systems Engineer/Technical and Marketing Support
Marketing of advanced communications technologies into global financial institutions located in Latin American and European countries. This position required integration of products utilizing ISDN D, B and H type channels, with required knowledge of Signaling System 7 components SCCP and MTP to achieve OSI network layer support, and extensive knowledge of X.25 and private/public key exchange and government DES encryption standards. Position required extensive travel to support technical requirements and to assess long-range technology needs. Customer support for resolution of technical problems on a system and subsystem level. Provided international on-site installation and training of customer personnel on data communications systems.
Systems Engineer Confidential
Responsible for the design and implementation of WANs and LANs for large scale telecommunications systems. Principal engineer for the development of several major satellite communication systems. These systems were developed with the use of the following wide and local area technologies: TCP/IP, IPX, UDP, DNS, SNMP, IP/Voice over SONET, SONET, ATM, Frame Relay, FDDI, HDLC, PPP, External Routing Protocols (BGP/EGP, CIDR) and Interior Routing Protocols (RIP, OSPF, IGRP, OSI). This position required knowledge of the following network management tools: SNMP, CORBA, CMISE and Tivoli systems. Primary data interfaces required knowledge of data server environments as well. Provided communications support for various satellite communications systems. Responsibilities included the design and modification of terrestrial digital satellite communications; design of mission flight control and communications room; modifications to existing communications systems; design, installation, integration and testing of new communications systems; training of on-site personnel for maintenance and operations of communications systems; off-site installation and training of hardware and software; troubleshooting and anomaly resolution. This position required knowledge of video and audio modulation and distribution technologies, extensive knowledge of satellite and terrestrial T1 and T3 circuits, dial-up circuits, encryption coding, IEEE hardware standards and circuit analysis tools and techniques. Interface and database development on Sun platforms utilizing Sybase. Provided launch support readiness reviews for communications support, testing, rehearsals and real-time communications support.
Technical Knowledge
Operating Systems: iOS, Android, Symbian, all Windows platforms, Darwin Mac OS-X, Cygwin, Unix, SCO Unix, Linux, Ubuntu, Fedora Core, CentOS, RedHat and SC Linux.
Hardware: UNIX, SGI Origin 2000, Octane, Cray Research, TCP/IP, IPX, UDP, DNS, SNMP, IP/Voice, Sonet, ATM, Frame Relay, FDDI, HDLC, External Routing Protocols (BGP/EGP, CIDR), Interior Routing Protocols (RIP, OSPF, IGRP, OSI), CORBA, X.25, DES, ISDN, SS7, IEEE, T1/T3, Public Key Encryption, RF Modulations.
Development/Analysis Software/Protocols: Xcode and OS-X/iOS developer tools and SDK, Android Debug Bridge (adb), Traceview, MetaSploit, Nessus, Bastille, BackTrack5, GNU Debugger (GDB), Intel Debugger (IDB), Microsoft Visual Studio Debugger, Valgrind, WinDBG, PyDbg, Hex Rays IDAPro Disassembler and Decompiler, OllyDbg, Immunity Dbg, Xcode, DDMS, JDWP, Sleuth Kit / Autopsy, EnCase, Matlab, Microsoft Visual C .NET, Adobe Compose, Visual Basic, Windows SDK, DDK, Version Control (MKS Source Integrity and CVS), C Documentation (Doxygen).
Languages: Java, Objective C, C, C++, Visual Basic, Perl, Python, IDAPython, JSON, XML, HTML, AJAX, CSS3 and FORTRAN.