I am a man of many hats. This page, however, focuses mainly on the one related to me as a vulnerability researcher, exploit developer and reverse-engineer. Although most of the work I do within the IT-security field is confidential, due to the nature of my clients, some of it has been made public at conferences such as BlackHat, DefCon and the RSA Conference.
In my spare time, I sometimes compete in hacking competitions (CTFs). With HackingForSoju, I have been traveling to and participating in the CodeGate and SECUINSIDE finals in South Korea, DefCamp in Romania, CONFidence CTF in Romania and the DefCon finals in the US. Competing in any of these requires you to first qualify by being one of the top teams in an online qualifier round, where thousands of teams around the world can compete for the first 8-15 or so places that qualify for the finals.
From 2015 up until August 2020, I was joint-owner and CTO of Cycura. During this time, I was focusing on building our R&D and offensive security division, as well as being a key resource in the teams in question. After selling Cycura to WELL Technologies, I am now back to focusing solely on my own company ClevCode.
The last few years, I have been focusing on custom fuzzer development and mobile and browser security research and exploitation, mostly on the Android side. I don’t publish any of my research related to these areas, though, so unfortunately the fruits of my labor are for my clients’ eyes only. Just rest assured that it is an interesting area to be in. ;)
From 2011 to 2015, I was a bit more active with various CTFs and other types of challenges, as well as with posting writeups on public challenges I solved to this blog. A selection:
– 2015: Winner of Boxen
– 2015: Winner of SweCTF
– 2013: Winner of Black Knight challenge (nSense)
– 2012: Solved the first set of Cicada 3301 challenges
– 2011: Winner of PlaidCTF
Besides PlaidCTF, all of the above challenges/competitions were ones where I competed as an individual rather than as a team (with HackingForSoju). As a side-note to that, I did score more than half the points for our team during PlaidCTF. ;)
From 2006 to 2011, I was joint-owner and CTO of Bitsec. We worked on a lot of interesting things, and I was fortunate enough to be able to speak on at least a few of them in public. We did kernel exploitation, including one of the earliest examples of remote wireless kernel exploitation, full-chain Windows exploitation, and this was also when I started getting into mobile security research (developing a remote full-chain iOS attack, etc.).
For CTF challenge writeups, take a look at:
As for non-CTF related exploits, I usually don’t publish my work, but here is a selection of the few things I did publish at some point (mostly from way back, which is no indication of what I’ve been up to the last few years). ;)