nullmethod

Projects

syscalls.kernelgrok.com

Up-to-date Linux system call reference table. Generated using Python, Exuberant Ctags, jQuery DataTables.

bits.nullmethod.com

[DEFUNCT] In-browser file encryption and decryption using JavaScript, HTML5 File API, and drop.io. Currently defunct due to drop.io closing down.

Presentations

Black Hat USA / 2011

Exploiting USB Devices with Arduino A step-by-step walkthrough of USB device assessment and exploitation from a application security professional's point of view. Discusses USB analysis, protocol comprehension, and the creation of custom Arduino USB firmware to exploit architectural vulnerabilities of USB proximity sensor devices. Presentation Whitepaper

Hacker Halted / 2010

Web Application Scanners: Evaluating Past the Base Case Presentation reviewing automated web application scanners' ability to identify common web application vulnerabilities and real-world deviations from base case vulnerabilities.

THOTCON / 2010

Forensic Fail Mortal Kombat themed presentation detailing modern forensic techniques and ways malware can defend itself. Topics include Linux rootkits, Linux kernel module packers, and 0-day in popular forensic tools.

Hacker Halted / 2009

So Long, and Thanks For All the Clock Cycles Awesome development and POC deployment of a distributed / crowd-sourced password cracker that gathers clock-cycles through XSS vulns. Utilizing a Java applet and Django backend, password cracking chunks are distributed to and processed by unsuspecting clients. Video of crowd-pleasing admin interface written in Flex.

Champaign-Urbana InfoSec / July 2008

Penetration Testing 101 Introduction to penetration testing presented with Ken Rowe.

Publications

Dark Reading / June 2010

Scanning Reality: Limits of Automated Vulnerability Scanners Article detailing the commonly overlooked limitations of automated vulnerability scanners and the assumptions that could lead to security fail.

Neohapsis Labs' Blog

Random posts on Neohapsis' blog on topics including encryption key storage, kernel rootkits, and archive file directory traversal vulns.

SALIVATE

A Secure Architecture for Loading, Initializing, and Verifying A Trusted Environment Research completed at CERIAS detailing the architecture and development of a secure boot sequence to identify and restore a compromised system upon boot.

Disclosures

CVE-2009-1151

Static code injection in phpMyAdmin's setup.php.

Google Vulnerability Reward Program / Dec 2010

Stored XSS in Chrome Web Store.

About Greg Ose

I am currently employed as a Senior Security Engineer at "the world's leading and most diverse derivatives marketplace." Previous jobs include Senior Security Consultant at Neohapsis, Software Engineer (Linux Kernel and Device Drivers) at Motorola, Research Assistant at CERIAS, and Security Analyst at Purdue University ITaP.
I have a Bachelor of Science in Computer Science from Purdue University and have taught as an Adjunct Professor at DePaul University (SE 526 - Software Security Assessment).
I possess a strong background and extensive experience in software security assessment, exploitation, software security architecture, and penetration testing. I have developed software in C, Java, Python, Ruby, and a slew of other languages.
I enjoy fine beers, specifically, but not limited to, those produced by Three Floyds, Half Acre, and Founders. I have become addicted to good espresso and Intelligentsia and Metropolis remain among my favorite roasters.

Contact

blog.nullmethod.com

@gose1