:: rjohnson.uninformed.org ::

Richard Johnson
rjohnson@uninformed.org

BIO

Richard Johnson is a computer security specialist who spends his time playing in the realm of software vulnerability analysis. Richard currently fills the role of Principal Research Engineer on Sourcefire's Vulnerability Research Team, offering 10 years of expertise in the software security industry. Current responsiblities include research on exploitation technologies and automation of the vulnerability triage and discovery process. Past areas of research include memory management hardening, compiler mitigations, disassembler and debugger design, and software visualization. Richard has released public code for binary integrity monitoring, program debugging, and reverse engineering. Richard is also a Senior Editor for the Uninformed Journal and a long time resident of the Hick.org ranch.

Many thanks to Rodrigo Rubira Branco at kernelhacking.com for his contribution to md5verify. Users can now enjoy the option of SHA1 hashes and LSM integration.

PRESENTATIONS

Visualizing Software Security
Blue Hat, Redmond, Seattle, October 2008
pptx

Visualizing Software Security
VizSec, Cambridge, Massasschusetts, September 2008
pptx

Fast n Furious Transforms
Toorcon Seattle, Seattle, Washington, April 2008
pdf pptx

AutoHacking with Phoenix Enabled Data Flow Analysis
Toorcon 9, San Diego California, October 2007
pdf pptx

Logical Fuzzing
VNSECON, Ho Chi Minh, Vietnam, August 2007
pdf pptx

Memory Allocator Attack and Defense
Toorcon Seattle, Seattle, Washington, May 2007
pptx

Windows Vista: Exploitation Countermeasures
EuSecWest, London, England, March 2007
ppt

Windows Vista: Exploitation Countermeasures
Toorcon 8, San Diego, California, September 2006
ppt

Disassembler Internals II
22nd Chaos Communication Congress, Berlin, Germany, December 2005
pdf codis.tar.gz idastruct.tar.gz codis.png

x86 Disassembler Internals
Toorcon 7, San Diego, California, September 2005
pdf codis.tar.gz codis screenshot

Automated Debugging and Process Analysis
Interz0ne IV, Atlanta, Georgia, March 2005
pdf dltrace-0.5.tar.bz2 dltrace.README

Hooking the Linux ELF Loader
Toorcon 6, San Diego, California, October 2004
pdf md5verify

A Comparison of Buffer Overflow Prevention Implementations and Weaknesses
Defcon 12, Las Vegas, Nevada, July 2004
pdf avtp.tar.gz avtp.README

Black Hat USA, Las Vegas, Nevada, July 2004
pdf avtp.tar.gz avtp.README

Advanced Shellcode Implementations
Interz0ne III, Atlanta, Georgia, April 2004
pdf

PROJECTS

AVTP
md5verify
dltrace
idastruct
codis
Shred

RESOURCES

Reference Library
Development Tools

LINKS

Nologin
Metasploit
Uninformed

Richard Johnson rjohnson@uninformed.org
BIO Richard Johnson is a computer security specialist who spends his time playing in the realm of software vulnerability analysis. Richard currently fills the role of Principal Research Engineer on Sourcefire's Vulnerability Research Team, offering 10 years of expertise in the software security industry. Current responsiblities include research on exploitation technologies and automation of the vulnerability triage and discovery process. Past areas of research include memory management hardening, compiler mitigations, disassembler and debugger design, and software visualization. Richard has released public code for binary integrity monitoring, program debugging, and reverse engineering. Richard is also a Senior Editor for the Uninformed Journal and a long time resident of the Hick.org ranch. Many thanks to Rodrigo Rubira Branco at kernelhacking.com for his contribution to md5verify. Users can now enjoy the option of SHA1 hashes and LSM integration.	PRESENTATIONS Visualizing Software Security Blue Hat, Redmond, Seattle, October 2008 pptx Visualizing Software Security VizSec, Cambridge, Massasschusetts, September 2008 pptx Fast n Furious Transforms Toorcon Seattle, Seattle, Washington, April 2008 pdf pptx AutoHacking with Phoenix Enabled Data Flow Analysis Toorcon 9, San Diego California, October 2007 pdf pptx Logical Fuzzing VNSECON, Ho Chi Minh, Vietnam, August 2007 pdf pptx Memory Allocator Attack and Defense Toorcon Seattle, Seattle, Washington, May 2007 pptx Windows Vista: Exploitation Countermeasures EuSecWest, London, England, March 2007 ppt Windows Vista: Exploitation Countermeasures Toorcon 8, San Diego, California, September 2006 ppt Disassembler Internals II 22nd Chaos Communication Congress, Berlin, Germany, December 2005 pdf codis.tar.gz idastruct.tar.gz codis.png x86 Disassembler Internals Toorcon 7, San Diego, California, September 2005 pdf codis.tar.gz codis screenshot Automated Debugging and Process Analysis Interz0ne IV, Atlanta, Georgia, March 2005 pdf dltrace-0.5.tar.bz2 dltrace.README Hooking the Linux ELF Loader Toorcon 6, San Diego, California, October 2004 pdf md5verify A Comparison of Buffer Overflow Prevention Implementations and Weaknesses Defcon 12, Las Vegas, Nevada, July 2004 pdf avtp.tar.gz avtp.README Black Hat USA, Las Vegas, Nevada, July 2004 pdf avtp.tar.gz avtp.README Advanced Shellcode Implementations Interz0ne III, Atlanta, Georgia, April 2004 pdf	PROJECTS AVTP md5verify dltrace idastruct codis Shred RESOURCES Reference Library Development Tools LINKS Nologin Metasploit Uninformed