home

papers & talks & appearances

this page is a list of my more formal apperances, in LIFO order.
personal blog postings can be found here.
yellow indicates an expected upcoming appearance; red indicates a canceled appearance or event.

by year: 2024 • 2023 • 2022 • 2021 • 2020 • 2019 • 2018 • 2017 • 2016 • 2015

2024

talk

"Building a Rusty path validation library for PyCA Cryptography"
PyCon 2024 o/b/o Trail of Bits, May 2024.
Slides and video pending.

talk

"Implementing X.509 path validation for Python"
Open Source Cryptography Workshop o/b/o Trail of Bits, March 2024.
Slides & Video

podcast

"ReDoS reports and the general incentives/trends that have spurred them"
MLSecOps Podcast, February 2024.
Podcast

talk

"An Introduction to Trusted Publishing on PyPI"
OpenSSF London Meetup o/b/o Trail of Bits, February 2024.
Slides

2023

talk

"What does it look like to code-sign for an entire packaging ecosystem?"
ACM SCORED o/b/o Trail of Bits, November 2023.
Slides

talk

"Securing your Package Ecosystem with Trusted Publishing"
PackagingCon o/b/o Trail of Bits, October 2023.
Slides & Video

talk

"Securing your Package Ecosystem with Trusted Publishing"
Google OSS roundtable @ Google Austin o/b/o Trail of Bits, October 2023.
Slides

talk

"Trusted Publishing: Lessons from PyPI"
OpenSSF Day Europe o/b/o Trail of Bits, September 2023.
Slides & Video

talk

"It's 6PM: Do you know what your builds are doing?"
OSIRIS Lab colloquium o/b/o Trail of Bits, May 2023.
Slides

talk

"Ergonomic codesigning for the Python ecosystem with Sigstore"
PyCon o/b/o Trail of Bits, April 2023.
Slides & Video

talk

"Windows codesigning without Windows: taming the root of trust"
Empire Hacking o/b/o Trail of Bits, February 2023.
Slides

2022

talk

"Python Packaging Mystery Meat"
HushCon West o/b/o Trail of Bits, December 2022.
Slides

talk

"Sigstore for Python Packaging: Next Steps for Adoption"
Sigstorecon o/b/o Trail of Bits, October 2022.
Slides & Video

talk

"die, PGP, die"
Summercon o/b/o Trail of Bits, July 2022.
Slides

podcast

"It Depends"
Trail of Bits Podcast, June 2022.
Podcast

talk

"A mostly gentle introduction to LLVM"
UMD-CSEC colloquium o/b/o Trail of Bits, April 2022.
Slides

2021

paper & talk

"Differential analysis of x86-64 instruction decoders"
The Seventh Workshop on Language-Theoretic Security (LangSec) at IEEE S&P, May 2021.
Co-researchers: Niki Carroll (GMU) and Sebastiaan Peters (TU/e).
Preprint & Video (backup, not live) & Slides.

talk

"compilers HATE him: use this ONE WEIRD TRICK to hide a message in your x86 program!!"
!!Con 2021, May 2021.
Slides & Video

2020

talk

"Making build instrumentation boring with blight"
Lightning talk @ Empire Hacking o/b/o Trail of Bits, December 2020.
Slides & Video

talk

"Destroying x86_64 Decoders with Differential Fuzzing"
INFILTRATE Miami o/b/o Trail of Bits, November 2020.
Slides and video pending.

talk

"Bringing Two Factor Authentication to PyPI"
Canceled due to COVID-19.
PyCon o/b/o Trail of Bits, ~~April 2020~~.
~~Slides and video pending.~~

talk

"TUFening PyPI: Securing the Package Supply Chain"
Canceled due to COVID-19.
PyCon o/b/o Trail of Bits w/ Paul Kehrer, ~~April 2020~~.
~~Slides and video pending.~~

talk

"steg86: hiding messages in x86 binaries"
Rust Munich, August 2020.
Slides & Video

talk

"Differential fuzzing, or: how to find bugs when (ground) truth isn't real"
UMD-CSEC colloquium o/b/o Trail of Bits, April 2020.
Slides

talk

"Differential fuzzing, or: how to find bugs when (ground) truth isn't real"
OSIRIS Lab colloquium o/b/o Trail of Bits, March 2020.
Slides

2019

talk

"It's coming from inside the house: kernel space fault injection with KRF"
CSAW C2 o/b/o Trail of Bits, November 2019.
Slides

talk

"Improving PyPI's security with Two Factor Authentication"
PyGotham o/b/o Trail of Bits, October 2019.
Slides & Video

podcast

"FLOSS Weekly 545: PyPI Security"
FLOSS Weekly o/b/o Trail of Bits, September 2019.
Podcast

talk

"It's coming from inside the house: kernel space fault injection with KRF"
Linux Security Summit NA o/b/o Trail of Bits, August 2019.
Slides & Video

podcast

"Security, UX, and Sustainability For The Python Package Index"
Podcast.__init__ o/b/o Trail of Bits, August 2019.
Podcast

talk

"Going sicko mode on the Linux Kernel"
Empire Hacking o/b/o Trail of Bits, February 2019.
Slides

2018

talk

"Fuzzing 101"
UMD-CSEC colloquium o/b/o Trail of Bits, Fall 2018.
Slides

lecture series

"CMSC389R: Introduction to Ethical Hacking"
1-credit STICs course at UMD, Spring 2018. 14 weeks of lectures.
Course materials (Syllabus, slides, assignments) – Video available upon request

2017

talk

"Ruby Obfuscation Techniques"
UMD-CSEC colloquium, Fall 2017.
Slides – Source

talk

"Git 101: A Crash Course for Productive git Usage"
UMD-CSEC colloquium, Fall 2017.
Slides – Source

2016

talk

"Mach-O Internals"
Presented internally to Cipher Tech Solutions, Spring 2016.
Slides – Pandoc

paper

"EMFS: Repurposing SMTP and IMAP for Data Storage and Synchronization"
Self Published, Spring 2016.
Paper – LaTeX – arXiv

2015

article

"Cryptocurrencies, Reliable Storage, and Andrew Miller"
Shell Magazine, Spring 2015, Pages 16-18.
Department of Computer Science, University of Maryland, College Park.
Article