Hackers In Residence

In the Spring 2012 semester, the NYU-Poly Computer Science and Engineering department established a program for Hackers in Residence. In this program, recognized industry experts are invited to the university to enhance student academics, oversee and direct research initiatives, and expand collaboration with outside industry groups. As charter members, the department invited long-time collaborators Dan Guido and Dino Dai Zovi of Trail of Bits, a local information security startup, to coordinate these initiatives for the university.

Since 2009, Dan Guido has taught a class in Penetration Testing and Vulnerability Analysis, which teaches students the fundamental technical skills required to identify, analyze, and exploit software vulnerabilities. Since that time, this course has become internationally recognized as one of the most rigorous and up-to-date university courses covering this topic, and parts of the material have been incorporated into courses at other universities and into onboarding programs at security firms around the US. Alumni from the course have discovered and fixed vulnerabilities in major commercial software, released open-source security tools, and spoken at major security conferences like Black Hat USA. After years of running, this course has established NYU-Poly as a center of gravity among security professionals in NYC.

In order to achieve these results, this course departs from standard academic practice and is designed to be taught by a consortium of local security professionals, each of whom specializes in a fundamental area of knowledge covered by the class. Students receive a wide range of viewpoints and experience from practicing experts, each of whom works in the local area at a company looking for additional talent. As proof of the effectiveness of this method, every boutique security firm in NYC counts at least one graduate from NYU-Poly among its ranks.

Dino Dai Zovi has been working in information security for over a decade with experience in red teaming, penetration testing, software security, information security management, and cybersecurity R&D. Dino is also a regular speaker at information security conferences, having presented his independent research on memory corruption exploitation techniques, 802.11 wireless client attacks, and Intel VT-x virtualization rootkits over the last 10 years at conferences around the world including DEFCON, Black Hat, and CanSecWest. He is a co-author of the books "The iOS Hacker's Handbook" (Wiley, 2012), "The Mac Hacker’s Handbook" (Wiley, 2009), and "The Art of Software Security Testing" (Addison-Wesley, 2006). In 2008, eWEEK named him one of the 15 Most Influential People in Security. In 2012, NYU-Poly named him a Hacker in Residence and he now oversees security research at the university. He is perhaps best known in the information security and Mac communities for winning the first Pwn2Own contest at CanSecWest 2007.

Our Hackers in Residence also advise students on practical research in the areas of static source code analysis, vulnerability exploitation, automated penetration testing, binary analysis, mobile operating system security, intrusion detection, targeted phishing, security economics, program analysis, exploit mitigations, and sandboxing.  They regularly meet with students to help them refine their research ideas.  To find out when they will be available to meet with students, check the ISIS Calendar.

Zachary Cimafonte - Data-Flow Tracing in Mobile Applications
Jedidiah Borovik - Autonomous Agent-Based Post-Exploitation
Joshua Alexander - Mapping Organizational Exposure to Targeted Phishing
Siavash Safaei - A Concurrent Portable Post-exploitation Framework

In Progress