Aaron Portnoy
Security Researcher
Aaron Portnoy is a researcher within TippingPoint's security research group. His responsibilities include reverse engineering, vulnerability discovery, and tool development. Aaron has discovered critical vulnerabilities affecting a wide range of enterprise vendors including: Microsoft, Adobe, RSA, Citrix, Symantec, Hewlett-Packard, IBM and others.
Additionally, Aaron has presented original research at conferences such as BlackHat US, BlackHat Japan, Microsoft's BlueHat, and Toorcon, among others. He has contributed mind share and code to OpenRCE, PaiMei, Sulley, PyMSRPC, as well as various white papers and books.
- Published Advisories:
- TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability
- TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability
- TPTI-07-18: EMC RepliStor Server Heap Overflow Vulnerability
- TPTI-07-17: CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities
- TPTI-07-16: CA BrightStor Hierarchical Storage Manager Buffer Overflow Vulnerabilities
- TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities
- TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability
- TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability
- TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities
- TPTI-07-04: LANDesk Management Suite Alert Service Stack Overflow Vulnerability
- TPTI-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability
- Upcoming Advisories:
- Hewlett-Packard (313 days since report)
- Microsoft (185 days since report)
- Appearances:
- Upcoming: Reverse Engineering Dynamic Languages, a Focus on Python
2008-06-13 REcon- Upcoming: Reverse Engineering Dynamic Languages, a Focus on Python
- Reverse Engineering Cookbook
2008-04-19 Toorcon Seattle- Reverse Engineering Cookbook
- RPC Auditing Tools and Techniques
2007-11-22 DeepSec In-Depth Security Conference- RPC Auditing Tools and Techniques
- Advanced Fuzzing with Sulley
2007-10-25 BlackHat Japan- Advanced Fuzzing with Sulley
- Fuzzing Sucks!
2007-09-27 Microsoft BlueHat- Fuzzing Sucks!
- Fuzzing Sucks!
2007-08-02 BlackHat US- Fuzzing Sucks!
- RPC Auditing Tools and Techniques
2007-05-12 Toorcon Seattle- RPC Auditing Tools and Techniques
- Blog Entries
- First Annual DeepSec Security Conference
created 2007-11-24 (0 comments, 1344 views)- First Annual DeepSec Security Conference
- Sulley vs. HP OpenView
created 2007-08-24 (2 comments, 2605 views)- Sulley vs. HP OpenView
