Anthony Weems | +15125656059 | https://github.com/amlweems
Last Updated: 2019-06-08

EXPERIENCE

Praetorian, Staff Engineer, Jan 2016 - Present
Engagement lead for complex application security projects covering web, mobile, desktop, cloud, and embedded device assessments. Concurrently performed general assessment work alongside project management. Managed teams of engineers on the more complex assessments that require multiple team members with unique skills. Spoke at B-Sides and RMISC, and lectured with Nathan Sportsman to the Intro to Computer Security class (CS378) at the University of Texas at Austin. Developed the Diana Platform [1], a product to deliver ongoing, comprehensive, and efficient security testing coverage. Deployed continuous integration from GitLab to cloud Kubernetes clusters to enable real-time testing of platform features.

Praetorian, Senior Security Engineer, Aug 2014 - Dec 2015
Worked with a senior engineering team on web and mobile application penetration tests for venture-backed startups and Fortune 1000 companies. Analyzed security and risk metrics related to Smart Lighting devices through investigation of the ZigBee network and security layers, physical teardown of the device, probing of UART pins to view debugging information, and manual analysis of device firmware in disassembled form. Current member of the recently founded vulnerability research program. Vulnerability research thus far has involved reverse engineering target binaries, source code review, instrumentation and test harness development, and fuzzing of network protocols and file parsing using american fuzzy lop. Created two new career challenges: Machine Learning challenge [2], pwnable [3].

Praetorian, Intern, Summer 2013 & Summer 2014
Worked with a senior engineering team on several pen-tests, social engineering, and reverse engineering. Performed web and mobile application pen-tests. Worked on a team with another intern to create and release https://mars.praetorian.com to beta. Developed a set of cryptography/steganography puzzles to aid candidate selection. The set of challenges is available on Praetorian's careers page [4].

PROFESSIONAL CERTIFICATIONS

Stanford University Cryptography I Certification
GIAC Web Application Penetration Tester (GWAPT) [5]
Offensive Security Web Expert (OSWE) [6]
Certified Kubernetes Administrator (CKA) [7]

PUBLIC VULNERABILITIES

CVE-2015-5238: Stack Overflow in libtre5, also found by P0 in [8] [9]
CVE-2016-4991: Command Injection in nodepdf PDF rendering library [10]
CVE-2016-7063: Privilege escalation to root in Pritunl VPN client [11]
CVE-2016-7064: Man-in-the-middle compromise of Pritunl VPN client [12]
CVE-2018-2813: MySQL privilege escalation via missing file access checks [13]
CVE-2019-1003040: Jenkins Groovy sandbox escape via type coercion [14]
CVE-2019-1003041: Jenkins Groovy sandbox escape via type coercion [14]
CVE-2019-15021: Server-side Request Forgery in Zingbox Inspector [15]
CVE-2019-15018: Tenant authentication bypass in Zingbox Inspector [16]

NOTABLE SIDE-PROJECTS

(All of the following can be found at github.com/amlweems)
- gringotts: proof of concept exploit for CVE-2020-0601
- maildump: implementation of RFC 5321 for use as a catch-all email server
- atmin: automatic testbase minification library (e.g. minimize HTTP request)
- abci: array-based command injection guide
- stun: TLS proxy with automated certificate provisioning based on SNI
- cryptopals (private): solutions to sets 1 through 7 of cryptopals
- sandbox-escapes (private): research into Java sandbox escapes
- hexpand: proof of concept Hash Length Extension Attack
- EE319k: embedded systems lab projects, includes winning final project
- tk421: toy operating system developed in spare time

REFERENCES

[1] https://www.praetorian.com/platforms/diana
[2] https://www.praetorian.com/challenges/pwnable
[3] https://www.praetorian.com/challenges/machine-learning
[4] https://www.praetorian.com/challenges/crypto
[5] https://www.youracclaim.com/badges/53efae58-c24d-48b5-94bf-5aa0d3a32aa4
[6] https://www.youracclaim.com/badges/aca5ac0a-2a05-4ae4-b2b1-59d62311895c
[7] https://www.youracclaim.com/badges/pending
[8] https://bugs.chromium.org/p/project-zero/issues/detail?id=428
[9] https://lf.lc/CVE-2015-5238.txt
[10] https://lf.lc/CVE-2016-4991.txt
[11] https://lf.lc/CVE-2016-7063.txt
[12] https://lf.lc/CVE-2016-7064.txt
[13] https://lf.lc/CVE-2018-2813.txt
[14] https://lf.lc/CVE-2019-1003040.txt
[15] https://security.paloaltonetworks.com/CVE-2019-15021
[16] https://security.paloaltonetworks.com/CVE-2019-15018