TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... In December of 2007, Microsoft released seven security bulletins which fixed 11 new security vulnerabilities. TippingPoint and ZDI were credited with discovering a total of four of those vulnerabilities.

Aaron Portnoy

Aaron Portnoy's Image

Security Researcher


Aaron Portnoy is a researcher within TippingPoint's security research group. His responsibilities include reverse engineering, vulnerability discovery, and tool development. Aaron has discovered critical vulnerabilities affecting a wide range of enterprise vendors including: Microsoft, Adobe, RSA, Citrix, Symantec, Hewlett-Packard, IBM and others.

Additionally, Aaron has presented original research at conferences such as BlackHat US, BlackHat Japan, Microsoft's BlueHat, and Toorcon, among others. He has contributed mind share and code to OpenRCE, PaiMei, Sulley, PyMSRPC, as well as various white papers and books.

Published Advisories:
  • TPTI-10-01: HP Data Protector Server Cell Manager Remote Code Execution Vulnerability
  • TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability
  • TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability
  • TPTI-09-11: HP OpenView NNM OvWebHelp.exe CGI Topic Heap Overflow Vulnerability
  • TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability
  • TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability
  • TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability
  • TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability
  • TPTI-09-05: Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability
  • TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow Vulnerability
  • TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow Vulnerability
  • TPTI-08-08: Microsoft Office RTF \dpendgroup Control Word Buffer Overflow Vulnerability
  • TPTI-08-09: Microsoft Office RTF \stylesheet Control Word Buffer Overflow Vulnerability
  • TPTI-08-07: Microsoft Windows Message Queuing Service Memory Corruption Vulnerability
  • TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow Vulnerability
  • TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability
  • TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability
  • TPTI-07-18: EMC RepliStor Server Heap Overflow Vulnerability
  • TPTI-07-17: CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities
  • TPTI-07-16: CA BrightStor Hierarchical Storage Manager Buffer Overflow Vulnerabilities
  • TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities
  • TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability
  • TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability
  • TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities
  • TPTI-07-04: LANDesk Management Suite Alert Service Stack Overflow Vulnerability
  • TPTI-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability
  • Appearances:
  • Lecture on Reverse Engineering
    2009-10-02 Polytechnic Institute of NYU
  • Reversing Microsoft DirectShow and 3rd Party Codecs
    2009-06-22 You Sh0t The Sheriff
  • Exploiting Online Games
    2009-04-23 RSA Conference 2009
  • Reverse Engineering Dynamic Language Multiplayer Online Games
    2008-10-01 BA-Con Applied Security Conference
  • Reverse Engineering Python Applications
    2008-07-28 USENIX WOOT
  • Reverse Engineering Dynamic Languages, a Focus on Python
    2008-06-13 REcon
  • Reverse Engineering Cookbook
    2008-04-19 Toorcon Seattle
  • RPC Auditing Tools and Techniques
    2007-11-22 DeepSec In-Depth Security Conference
  • Advanced Fuzzing with Sulley
    2007-10-25 BlackHat Japan
  • Fuzzing Sucks!
    2007-09-27 Microsoft BlueHat
  • Fuzzing Sucks!
    2007-08-02 BlackHat US
  • RPC Auditing Tools and Techniques
    2007-05-12 Toorcon Seattle
  • Blog Entries
  • Exploiting MS Advisory 971778: QuickTime DirectShow
    created 2009-06-30 (3 comments, 4887 views)
  • Using PyMSRPC to Trigger MS08-067
    created 2008-11-06 (2 comments, 4417 views)
  • BA-Con and Ekoparty 2008
    created 2008-10-09 (0 comments, 2483 views)
  • Hacking the Pirates of the Caribbean Online MMORPG
    created 2008-06-23 (60 comments, 27458 views)
  • First Annual DeepSec Security Conference
    created 2007-11-24 (0 comments, 3873 views)
  • Sulley vs. HP OpenView
    created 2007-08-24 (2 comments, 5888 views)