In the Spring 2012 semester, the NYU-Poly Computer Science and Engineering department established a program for Hackers in Residence. In this program, recognized industry experts are invited to the university to enhance student academics, oversee and direct research initiatives, and expand collaboration with outside industry groups. As charter members, they invited long-time collaborators Dan Guido and Dino Dai Zovi of Trail of Bits, a local information security startup, to coordinate these initiatives for the university.
Since 2009, Dan Guido has taught a class in Penetration Testing and Vulnerability Analysis, which teaches students the fundamental technical skills required to identify, analyze, and exploit software vulnerabilities. Since that time, this course has become internationally recognized as one of the most rigorous and up-to-date university courses covering this topic, and parts of the material have been incorporated into courses at other universities and into onboarding programs at security firms around the US. Alumni from the course have discovered and fixed vulnerabilities in major commercial software, released open-source security tools, and spoken at major security conferences like Black Hat USA. After years of running, this course has established NYU-Poly as a center of gravity among security professionals in NYC.
To achieve these results, this course departs from standard academic practice and is designed to be taught by a consortium of local security professionals, each of whom specializes in a fundamental area of knowledge covered by the class. Students receive a wide range of viewpoints and experience from practicing experts, each of whom works in the local area at a company looking for additional talent. As proof of the effectiveness of this method, every boutique security firm in NYC counts at least one graduate from NYU-Poly among its ranks.
Students
Our Hackers in Residence also advise students on practical research in the areas of static source code analysis, vulnerability exploitation, automated penetration testing, binary analysis, mobile operating system security, intrusion detection, targeted phishing, security economics, program analysis, exploit mitigations, and sandboxing. They regularly meet with students to help them refine their research ideas. To find out when they will be available to meet with students, check the ISIS Calendar.
Zachary Cimafonte - Data-Flow Tracing in Mobile Applications
Jedidiah Borovik - Autonomous Agent-Based Post-Exploitation
Joshua Alexander - Mapping Organizational Exposure to Targeted Phishing
Siavash Safaei - A Concurrent Portable Post-exploitation Framework