kernelsmith/about

About

Joshua Smith, kernelsmith at kernelsmith dot com

Summary

  • Vulnerability Intelligence Senior Manager and Security Researcher
  • RHCSA (2008, RHEL 5), CISSP (#101330), CEH (2007)
  • Master's Degree in Management of Information Systems
  • Ruby, SecDevOps, Hybrid Cloud, VMware, Metasploit Dev, GDPR, Pentesting, Vulnerability Assessments, Reverse Engineering, Information Security Policy
  • Veteran, 20 Professional Years, 10 Years in the USAF, 15 in Information Security
  • LinkedIn

Objective

To make things and break things. To work with great people who like to do the same. To architect teams and solutions focused on breaking things and preventing said breakage.

Bio

Kernelsmith is a "jack-of-all-trades". He has a BS in aeronautical engineering and an MA in Management of Information Systems. He also started an MS in Computer Science, but decided that playing with his kids and hacking were more fun and important. Josh spent the first decade of his professional career as an officer in the U.S. Air Force where he had many odd jobs including nuclear ICBM launch officer, systems engineer, and action officer for a 3-star general. Most importantly, however, he was lucky enough to land at the 92d Information Warfare Aggressor Squadron (later Information Operations Squadron). At the 92d (yes, that's how the military says 92nd), he was finally allowed to get his hands dirty with vulnerability assessments, pentests, and red teaming. Post-military, he became a security engineer at the Johns Hopkins Univ. Applied Physics Lab (JHUAPL) doing and learning all sorts of cool stuff, most of it classified, but also started contributing to the Metasploit Framework. Josh was very humbled to become an external Metasploit developer as well as a security researcher at the Zero Day Initiative where he got to reverse engineer all sorts of cool 0-day vulnerabilities and architect and implement solutions to challenges facing the "world's largest, vendor-agnostic, bug bounty program".

Background

Experience

Short Version

Extensive experience in executing and managing network vulnerability assessments & penetration tests. Skilled in network vulnerability analysis including identification and remediation of vulnerabilities, development and application of network security technologies, data capture and analysis. Experienced in computer system/network vulnerability and exploit research and malware analysis. Spent majority of current job evaluating and reverse engineering submitted and discovered zero-day vulnerabilities for exploitability and root-cause analysis. More recently, focused on architecting and managing a team implementing scalable fuzzing infrastructure. Can navigate easily in all major command-line and graphical operating system environments as well as most VMware environments. Capable in multiple scripting languages, but by far most proficient in Ruby.

Long Version

  • Vulnerability Intelligence Senior Manager & Security Researcher, HPE/Trend Micro's

    Evaluate and reverse engineer submitted and self-discovered zero-day vulnerabilities for exploitability, root-cause analysis, and submission to affected vendors for remediation. Architect and maintain internal resources for tracking and discovering vulnerabilities as well as intellectual property management. Collaborate with, and automate data submission to, Mitre CVE Program.

  • Senior Security Researcher, NSS Labs, Austin, TX 2012 - 2013

    Researched and applied exploitation, evasion, & obfuscation techniques to add depth and realism to security device tests. Automated application of these techniques, when possible, and other test processes such as network traffic replay. Led initial execution of “breach detection” testing. Designed and developed automated testing framework in Ruby.

  • Senior Cyber Security Engineer (Senior Professional Staff II), JHUAPL, Laurel, MD, 2008 - 2012

    In the Asymmetric Operations Department, provided computer system and network security engineering support to various classified and unclassified programs, technical lead for US Government sponsored test project, cyber red team analyst, and vulnerability researcher. Performed information security assessments of non-standard computing systems such as weapon systems. Supported the Information Technology Services Department during major intrusions and intrusion attempts and consulted on the security assessment and purchase of various enterprise security technologies.

    In the Applied Information Sciences Department, acted as measurements team lead for APL’s proposal to phase I of DARPA's National Cyber Range. Determined pertinent metrics for various experimentation scenarios and developed the metrics collection and storage program for the proposal leading to a multi-million dollar phase II contract.

  • United States Air Force, Air Force Information Operations Center, Lackland AFB, TX, 2005 - 2008

    As Assessment Operations Flight Commander & Team Chief, C4 Systems Security Engineer, led 50 military/civilian/contractor computer system and network assessments flight. Responsible for successful execution of 45+ security assessments annually. Personally, performed assessments of weapons systems, medical systems, warning systems, support systems, and base infrastructure. Responded to real-world intrusions as directed, and emulated enemy cyber forces. Actions included identification and remediation of network, host, and application vulnerabilities as well as identification & investigation of suspicious network traffic. Interfaced with National Security Agency, Air Force Office of Special Investigations, Joint Task Force-Global Network Operations, and Air Force Network Operations Centers and incident response teams.

  • USAF, Electronic Systems Center, Hanscom AFB, MA, 2002 - 2005

    As Systems Engineering Lead & Commander’s Action Officer, led 50-member (gov civilian/MITRE/contractor) systems engineering acquisition team designing military satellite communication terminal capability; managed system requirements, specification development, design, and technical risk. As action officer for 3-star AF General/Program Executive Officer (PEO) responsible for 300+ government acquisition programs, created and delivered senior staff briefings, wrote & tracked executive correspondence.

  • USAF, 341st Space Wing, Malmstrom AFB, MT, 1999 - 2002 Missile Combat Crew Commander & Instructor

    As instructor, developed and taught training for 250 missile officers. As crew commander, commanded 50-150 nuclear ICBMs, 20 2-person crews, and $8B in equipment during 24-hr missile “alert” duties. Led unit through extended alert duty (120 hrs/5 days) in response to the events of 9/11/01.

Education

  • M.A. Management of Information Systems, University of Great Falls, Great Falls, MT 2000-2002
  • B.S. Aeronautical Engineering (cum laude), Rensselaer Polytechnic Institute (RPI), Troy, NY 1994-1998
  • Department of Defense Programs 2002-2006
    • Squadron Officer School, Montgomery, AL (2003), Systems Planning, Research Development, & Engineering Level II Certificate, Defense Acquisition University, Fort Belvoir, VA (2006)
  • Non-degree 2009
    • Undergraduate computer science prerequisites for M.S. in Computer Science (Data Structures, Computer Organization [MIPS]), Johns Hopkins University, Baltimore, MD (2009).

Skills (Self rating out of 10)

  • I consider myself an expert with Metasploit(9) and Nmap(8) and proficient with most tools present on pentesting distros.
  • I am proficient with most debugging and static-analysis tools, windbg(6), IDA Pro(6), Immunity Debugger(6), gdb(4)
  • Very proficient in Windows batch & 'nix shell (BASH) scripting(8), Python(5) and Ruby(8), including multiple Metasploit contributions, and was entrusted as an external developer with full commit rights.
  • Extremely comfortable in Windows(9), Linux(9), and OS X(8) command-line and graphical environments.
  • Extensive experience executing and managing network and system vulnerability assessments(8) and penetration tests(7) including the management of related computer test laboratories(8).
  • Very familiar with Kali Linux(8).
  • Skilled in network vulnerability analysis including the identification and remediation of known vulnerabilities(8), development and application of network security technologies(7), and data capture and analysis(7).
  • Experienced with most virtualization technologies: VMware (Player/Workstation) (8), Fusion (8), ESXi (8), VirtualBox (7), and some QEMU (3) usage.
  • Familiar with, but not active in, multiple other programming and scripting languages including C/C++ (4), Java (4), VB Script (4), VB.net (3) and 32-bit MIPS (6) and Intel x86 Assembly (6).
  • Capable exploit developer for Windows on x86(6)/x64(5), Linux on x86(5)/x64(5), OS X on x64(4), also various on MIPS (3).

Supplemental Information

Major Publications, Honors, and Appearances

  • Presentation: How (Not) to Fix Command Injection Vulnerabilities, BSides Austin, 8 Mar 2018, Austin, TX
  • Presentation: VMware Escapology video, slides & code, DerbyCon 7.0, 22 Sep 2017, Louisville, KY
  • Quotation: DarkReading, 1 Aug 2016
  • Appearance: Viceland's "CYBERWAR: The Zero Day Market", uncredited
  • Presentation: "High Def Fuzzing: Exploring Vulnerabilities in HDMI CEC", DefCon23, 8 Aug 2015, Las Vegas, NV
  • Article: Software Development KITchen Sink (Realtek SDK vulnerabilities), 2014
  • Appearance: fortune.com, Pwn2Own, 14 Mar 2014
  • Presentation: "Anatomy of a Chinese Intrusion into a Research EDU", InfoSecSouthWest, 19 Apr 2013, Austin, TX
  • Magazine Article: "My Experiences with the Metasploit Framework: From N00b to Contributor", PenTest Magazine, Vol2 No. 9 ISSN: 2084-1116, Issue 09/2012, September, pgs 35-52
  • Presentation: "Metasploit: Hacker's Swiss Army Knife", Co-presenter: Jonathan Cran, Source Barcelona, 16 Nov 2011, Barcelona Spain
  • Tau Beta Pi (Engineering Honor Society)
  • Academic Scholarships:
    • Merit Scholarship, Rensselaer Polytechnic Institute
    • AFROTC Full Academic Scholarship
    • Merit Scholarship, University of Great Falls
  • Various DoD, including Meritorious Service Medal, 2008

Security Clearance

  • Top Secret – 1999 to 2013 (TS/SCI 2005 to 2012)
  • Secret – 1998 to 1999

Applicable Training Courses

  • Dec 2017, "Secure DevOps & Cloud App Security Training", SANS
  • 2016, "Intermediate Chef", Chef.io
  • Jan 2015, "Windows OS Internals for Reverse Engineers", Alex Ionescu
  • Feb 2014, "Practical ARM Exploitation", Stephen {Ridley,Lawler}
  • Jan 2014, "Advanced Tool Development with SMT Solvers", Sean Heelan, Persistence Labs
  • Feb 2013 “Breaking Binary Applications” & “Browser Exploitation”
  • Oct 2011 “Advanced Windows Exploitation”, Matteo Memelli, Offensive Security
  • May 2011 “Advanced Exploit Development”, SANS
  • Sep 2010 “Ruby Programming”, Mike Saltzman, trainingetc
  • Apr 2010 “Windows Internals & Software Driver Development”, Open Systems Resources (OSR)
  • Feb 2010 “Pentesting with BackTrack”, Mati Aharoni, Offensive Security
  • Dec 2009 “Reverse-Engineering Malware: Malware Analysis Tools and Techniques”, Lenny Zeltser (SANS)
  • Nov 2009 “Reverse Engineering with IDA Pro”, Chris Eagle
  • Oct 2009 “Short Course in Binary Comprehension & Exploit Analysis”, Bruce Dang (Microsoft's Security Response Center)
  • 2006 "Red Team Operator's Course", US Air Force
  • 2005 "Intro to Cisco Networking", "TCP-IP Essentials", "Blue Team Operator's Course"
