Aaron Portnoy
Security Researcher
Aaron Portnoy is a researcher within TippingPoint's security research group. His responsibilities include reverse engineering, vulnerability discovery, and tool development. Aaron has discovered critical vulnerabilities affecting a wide range of enterprise vendors including: Microsoft, Adobe, RSA, Citrix, Symantec, Hewlett-Packard, IBM and others.
Additionally, Aaron has presented original research at conferences such as BlackHat US, BlackHat Japan, Microsoft's BlueHat, and Toorcon, among others. He has contributed mind share and code to OpenRCE, PaiMei, Sulley, PyMSRPC, as well as various white papers and books.
- Published Advisories:
- TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow Vulnerability
- TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability
- TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability
- TPTI-07-18: EMC RepliStor Server Heap Overflow Vulnerability
- TPTI-07-17: CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities
- TPTI-07-16: CA BrightStor Hierarchical Storage Manager Buffer Overflow Vulnerabilities
- TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities
- TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability
- TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability
- TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities
- TPTI-07-04: LANDesk Management Suite Alert Service Stack Overflow Vulnerability
- TPTI-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability
- Upcoming Advisories:
- Hewlett-Packard (456 days since report)
- Microsoft (91 days since report)
- Microsoft (155 days since report)
- Appearances:
- Reverse Engineering Dynamic Language Multiplayer Online Games
2008-10-01 BA-Con Applied Security Conference- Reverse Engineering Dynamic Language Multiplayer Online Games
- Reverse Engineering Python Applications
2008-07-28 USENIX WOOT- Reverse Engineering Python Applications
- Reverse Engineering Dynamic Languages, a Focus on Python
2008-06-13 REcon- Reverse Engineering Dynamic Languages, a Focus on Python
- Reverse Engineering Cookbook
2008-04-19 Toorcon Seattle- Reverse Engineering Cookbook
- RPC Auditing Tools and Techniques
2007-11-22 DeepSec In-Depth Security Conference- RPC Auditing Tools and Techniques
- Advanced Fuzzing with Sulley
2007-10-25 BlackHat Japan- Advanced Fuzzing with Sulley
- Fuzzing Sucks!
2007-09-27 Microsoft BlueHat- Fuzzing Sucks!
- Fuzzing Sucks!
2007-08-02 BlackHat US- Fuzzing Sucks!
- RPC Auditing Tools and Techniques
2007-05-12 Toorcon Seattle- RPC Auditing Tools and Techniques
- Blog Entries
- Hacking the Pirates of the Caribbean Online MMORPG
created 2008-06-23 (41 comments, 9519 views)- Hacking the Pirates of the Caribbean Online MMORPG
- First Annual DeepSec Security Conference
created 2007-11-24 (0 comments, 1959 views)- First Annual DeepSec Security Conference
- Sulley vs. HP OpenView
created 2007-08-24 (2 comments, 3487 views)- Sulley vs. HP OpenView
