Chris Valasek

Director of Security Intelligence
IOActive
Pittsburgh, Pa
email: cvalasek [at] gmail [dot] com

Biography

Hello, I'm Chris Valasek. I'm currently the Director of Vehicle Security Research at IOActive guiding our automotive security research and developing new research and testing methods. I'm quite interested in reverse engineering and exploit development, along with mountain biking and many sports; mainly University of Pittsburgh Athletics, The Pittsburgh Steelers, The Pittsburgh Penguins and The Pittsburgh Pirates. As you can probably tell, I'm originally from Pittsburgh, Pa and currently reside in the city. I've also received a BS in Computer Science from the University of Pittsburgh in 2005. On top of all that, I am the current chairman of SummerCon (the nation's oldest hacker convention). I'm always looking for people to present and discuss interesting topics.

Small Bio
Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.


Advisory Boards
Sexual Health Innovations | Callisto Advisory Board

Educational
Technical Mentor - Environment Charter School
Faculty - Carnegie Mellon CISO Executive Program

Accolades
SC Magazine Top 6 Influential IT Security Thinkers 2013 | SC Magazine REBOOT'13 | Specific
Edward Markey Letter to Car Companies on Cyber Security & Privacy | Letters
Pwnie Judge - 2013 to Current | The Pwnies
2011 Pwnie Awards [Nominated] - Most Innovative Research - Understanding the LFH
2010 Pwnie Awards [Nominated] - Most Innovative Research - Practical Windows XP/2003 Heap Exploitation

Press
Associated Press "Automakers Aim to Drive Away Car Computer Hackers"
Live Science "Is Car Hacking the Next Big Security Threat?"
Fortune "Car hacking: how big is the threat to self-driving cars?"
IEEE Spectrum "Black Hat 2014: Hacking the Smart Car"
Wired "Hackers Could Take Control of Your Car. This Device Can Stop Them"
DarkReading "The World's Most Hackable Cars"
CNN Money "How hackers could slam on your car's brakes"
Scientific American "Fact or Fiction?: Your Car Is Hackable"
Forbes "DARPA-Funded Researchers Help You Learn To Hack A Car For A Tenth The Price"
ThreatPost "Detecting Car Attacks"
SC Magazine "Top 6 Influential IT Security Thinkers 2013" Specific
WCBS New York "Staying A Step Ahead Of Car Hackers"
NPR Science Friday "Hacking Under the Hood and Into Your Car"
CNN Money "Hackers control car's steering and brakes"
The TODAY Show "Two experts demonstrate carjacking gone digital"
VICE "THESE GUYS HACKED A CAR AND NOW THEY WANT TO SHOW YOU HOW TO DO IT TOO"
NintendoLife "Weirdness: Hackers Use NES Pad To Drive Car"
MTV Geek! "Here We Have A Guy Driving A Car With A NES Controller"
BBC "Car hackers use laptop to control standard car"
The Sunday Times "Car hackers control steering and brakes using a laptop"
SC Magazine "Car hackers' appearance on the 'Today' show was important because they were on the 'Today' show"
SecurityWeek "Podcast: Car Hacking with Charlie Miller and Chris Valasek"
Forbes "Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Video)"
ThreatPost "Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In"
BBC "Viewpoint: Making sense of the Apple ID codes leak"
SearchSecurity "Researcher lauds Windows 8 memory protections"
Softpedia "Chris Valasek: The Windows 8 Heap Manager Is the Most Secure to Date"
SC Magazine [video] "Security and Windows 8"
PCMag - "Number of Macs Infected With Flashback Trojan on the Decline"
Security Watch PCMag - "Flashback: Mac Security Holed by Java"
Security Week - "Mac OS X Malware Builds Botnet More than 550,000 Strong"
ComputerWorld - "Researchers accuse Google of plotting to undercut Firefox"
Forbes - "Browser Study Sheds Light On Firefox's Insecurity (And Google Approves This Message)"
The Register - "Google Chrome is the most secured browser"
The Register - "Whitehats pierce giant hole in Microsoft security shield"
Accuvant.com - "Security Researcher Joins Accuvant LABS Team"
Computer World - "Microsoft patches URI bug, ancient DNS flaw"
X-Force Blog - [2010 - Updated I no longer work here] I post some things here from time to time

Disclosures
X-Force Alert 356 - Novell eDirectory Remote Code Execution (Bug used for Blackhat USA '09 Talk)
X-Force Alert 325 - Xvid Codec MBlock Indexing Buffer Overflow
X-Force Alert 304 - Oracle WebLogic Server Apache Connector Overflow
X-Force Alert 309 - Trend Micro ServerProtect Heap Overflow (3)
X-Force Alert 310 - Trend Micro ServerProtect Heap Overflow (3)

Presentations/Publications

KEYNOTE: The Connected Car: Security Throwback SecTOR 2014, Oct, 2014, Toronto, Canada

"A Survey of Remote Automotive Attack Surfaces", Blackhat USA 2014, August, 2014, Las Vegas, NV, USA [paper]
"A Survey of Remote Automotive Attack Surfaces", DEFCON 2014, August, 2014, Las Vegas, NV, USA

KEYNOTE: Automotive Attacks: Present and Future, ESCAR USA 2014, June, 2014, Ann Arbor, MI, USA

"Car Hacking for Poories", Syscan 2014, April, 2014, Singapore, Singapore [Paper]

"Adventures in Automotive Networks and Control Units", DefCon 21, July, 2013, Las Vegas, NV, USA [Paper] | [Content]
"Adventures in Automotive Networks and Control Units", H2HC 2013, October, 2013, Sao Paulo, SP, Brazil
"Adventures in Automotive Networks and Control Units", CounterMeasure 2013, November, 2013, Ottawa, Ontario, Canada

"Windows 8 Heap Internals", Blackhat USA 2012, July, 2012, Las Vegas, NV, USA [Paper] [Slides]

"Heaps of Doom", Syscan Singapore 2012, April, 2012, Singapore, Singapore

"Browser Security Comparison: A Quantitative Approach", Browser Security Comparison, December, 2011

"Modern Heap Exploitation using the Low Fragmentation Heap", Infiltrate, April 2011, Miami, Florida [Prezi]
"Modern Heap Exploitation using the Low Fragmentation Heap", CONFidence, May 2011, Krakow, Poland
"Modern Heap Exploitation using the Low Fragmentation Heap", ph-neutral, May 2011, Berlin, Germany

"Exploitation in the Modern Era", Blackhat USA 2011, March 2011, Barcelona, Spain [Prezi]

"Understanding the Low Fragmentation Heap: From Allocation to Exploitation", Blackhat USA 2010, July 2010, Las Vegas, Nv [Video] [Paper] [Slides]

"The Evolving Threat Landscape", Secure IT Conference 2010, March 2010, Los Angeles, Ca

"Practical Windows XP/2003 Heap Exploitation", Black Hat USA 2009, August 2009, Las Vegas, Nv [Paper] [Slides]

"IDS/IPS Security Lifecycle", Guest lecturer to Michael Hunter, CS 4235 Introduction to Information Security, July 2009, Atlanta, Ga

"Reverse Engineering 101", Guest lecturer to Mustaque Ahamad, Security Laboratory, October 2008, Atlanta, Ga

"Introduction to Vulnerability Analysis", Guest lecturer to Mustaque Ahamad, CS 6265 Security Laboratory, November 2007, Atlanta, Ga

"Introduction to Vulnerability Analysis", Phreaknic 11, October 2007, Nashville, Tn

Blog roll...
Halvar Flake - BinDiff puts everything else to shame
Dino Dai Zovi - Exploit perfectionist
Ero Carrera - Zynamics crew
Ilfak Guilfanov - IDA Pro and HexRays, need I say more
FX / Recurity - Knows more about IOS than Cisco
TAoSSA - I have the unfortunate pleasure of working with all three of these jerks (** Update, I now only work with one of these jerks **) (*** Update 2: I no longer work with any of these jerks :( ***)
Google Reader - My google reader subscriptions