Archive.
A working index of press, talks, podcasts, and writing. Curated, not exhaustive.
Projects
- Hacker Spirit Scholarship - $2,500 annual scholarship at my alma mater for students who fix things they're not supposed to.
- iVerify - iOS/Android compromise detection. Incubated at Trail of Bits, spun out as a standalone company.
- Algo VPN - Personal VPN server you can stand up in 15 minutes. Recommended by The New York Times.
- Empire Hacking - Bi-monthly NYC security meetup I started in 2015 focused on practical offensive and defensive research.
- CTF Field Guide - Open-source training material for security competitions, adapted from training Trail of Bits ran for the US military service academies.
- THREADS Research Conference - Annual security research conference I organized at NYU CSAW from 2012 to 2014.
Press
- Your iPhone Gets Stolen. Then the Hacking Begins - The underground economy that turns locked phones into unlocked ones.
- Attack of the killer script kiddies - On AIxCC and the AI agents that find and patch bugs at scale.
- Anthropic Races to Contain Leak of Code Behind Claude AI Agent - Why the Claude Code leak is embarrassing but not dangerous.
- Trail of Bits wins big at DARPA's AI Cyber Challenge - $3M for second place in DARPA's AI Cyber Challenge.
- DARPA's AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching - Trail of Bits placed second at DARPA AIxCC, $3M prize.
- Hackers abuse Zoom remote control feature for crypto-theft attacks - Coverage of the ELUSIVE COMET attack and how we caught it.
- Zoom's Remote Control Feature Exploited in ELUSIVE COMET Attacks - The social engineering attempt against me became our published research.
- How the Biggest Crypto Hack Ever Nearly Destroyed Bybit - Why blind-signing crypto transactions did Bybit in.
- CSAW turns 21 ... with powerful partnerships and new programming - NYU's anniversary profile on my long history with CSAW since 2003.
- DARPA competition shows promise of using AI to find and patch bugs - On what it actually takes to compete in DARPA's AIxCC.
- Twitter's encrypted DMs are missing basic security features
- Cryptocurrency tech is vulnerable to tampering, a DARPA analysis finds - Our DARPA report on how concentrated Bitcoin and Ethereum infrastructure really is.
- It's Time to Stop Paying for a VPN - Why most people don't need a commercial VPN, and why Algo works.
- Zoom Hires Security Heavyweights to Fix Flaws
- Audit finds severe vulnerabilities in Voatz mobile voting app
- This App Will Tell You If Your iPhone Gets Hacked - Launching iVerify, a consumer tool for detecting compromised iPhones.
- The Hacking Box That Led to a Golden Age of iPhone Investigations
- AMD Has a Spectre/Meltdown-like Security Flaw of Its Own
- How I Made My Own VPN Server in 15 Minutes
- What's Really at Stake in the Apple Encryption Debate
- Apple's FBI Battle Is Complicated. Here's What's Really Going On
- Newer Phones Aren't Easy to Crack
- Trail of Bits: An Alliance of Infosec Heavyweights
- A Brooklyn Lab's Deviant Magic
Talks
- 200 Bugs/Week/Engineer: How We Rebuilt Trail of Bits Around AI - How we rebuilt Trail of Bits around AI agents.
- The State of AI/ML Security: Myths vs Reality - Cutting through the hype on AI/ML security.
- Financial industry exposure to AI-enabled cyberattacks - Briefing the CFTC's Technology Advisory Committee on AI threats to financial markets.
- What Blockchain Got Right - What's worth keeping from a decade of crypto.
- Understanding crypto markets security - Briefing the CFTC TAC on how crypto markets get compromised.
- High-Assurance Code Reviews: How Consulting Works When the Risks Are High (Keynote)
- Securing Value on the Ethereum Blockchain
- Modern iOS Application Security
- The Smart Fuzzer Revolution (Keynote)
- The Exploit Intelligence Project Revisited (Keynote)
- The Mobile Exploit Intelligence Project
- The Exploit Intelligence Project
- So You Want To Train An Army Of Ninjas
Podcasts & Interviews
- Risky Business #835: WhatsApp private AI inference - On private AI inference and our audit of WhatsApp's setup.
- Sponsored: Trail of Bits going all-in on AI - On rebuilding Trail of Bits around AI agents.
- Mic Drop: The ego exploit - How a mundane Zoom feature became a hacker's best friend.
- Sponsored: Trail of Bits on post-quantum cryptography - On post-quantum cryptography.
- What the hell are the blockchain people doing & why isn't it a dumpster fire?
- DeFi and Memecoins: The Fastest, Riskiest Way to Get Rich in Crypto
- Q&A with Trail of Bits Co-Founder Dan Guido - Long-form on running Trail of Bits, blockchain audits, and where the bugs come from.
- Fixing Software, Not Bugs
- Meet Algo, your personal VPN in the cloud
- Interview with Ed Amoroso
- Attacker Math and Exploit Intelligence
- Interview with Dan Guido
Writing
- How we made Trail of Bits AI-native, so far - Where we are after a year of rebuilding the company around AI agents.
- Trail of Bits' Buttercup wins 2nd place in AIxCC Challenge - Second at DARPA AIxCC, $3M prize. Autonomous bug-finding works.
- The Unconventional Innovator Scholarship
- Mitigating ELUSIVE COMET Zoom remote control attacks - Anatomy of the social engineering attempt against me.
- The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived - The biggest crypto heist in history wasn't a smart contract bug.
- Trail of Bits Advances to AIxCC Finals - Top 7 of 39 in the AIxCC semifinal.
- Trail of Bits' Buttercup heads to DARPA's AIxCC - Our AI cyber reasoning system enters the DARPA competition.
- iVerify is now an independent company
- How AI will affect cybersecurity: what we told the CFTC
- What we told the CFTC about crypto threats
- Our full report on the Voatz mobile voting platform
- Introducing iVerify, the security toolkit for iPhone users
- Trail of Bits donates $100,000 to support young researchers through Summercon
- The smart fuzzer revolution
- Meet Algo, the VPN that works
- Why I didn't catch any Pokémon today
- The DBIR's Forest of Exploit Signatures
- Apple can comply with the FBI court order - The post that coined "FBiOS" during the San Bernardino standoff.
- Why we give so much to CSAW
- Empire Hacking
- Education initiative spotlight: CSAW summer program for women
- A Case Study of Intelligence-Driven Defense