Matt Oh

Matt Oh is the Founder/CEO of 다른그림 (DarunGrim). He worked for over ten years as a security researcher on Microsoft's cyber security team in Seattle, Washington. Having felt the limits of cyber security delivered through existing products and services, he founded 다른그림 with the idea of a startup dedicated to raising the quality of the cyber security workforce. He is currently producing a range of content and developing ways of delivering knowledge in a variety of formats.

Areas of Expertise

Matt Oh has knowledge and insight in the following areas.

  • Vulnerability research
  • Vulnerability discovery
  • Patch analysis
  • Analysis of complex malware such as APTs
  • Hardware reverse engineering

The following is a list of publications across these areas. Links will continue to be added for the documents that do not yet have one.

Vulnerability Research

Name | Organization
Return of the kernel rootkit malware (on Windows 10) | BlueHat v18
Taking apart a double zero-day sample discovered in joint hunt with ESET | Microsoft
Hardening Windows 10 with zero-day exploit mitigations | Microsoft
Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005 | Microsoft
Recent Exploit Trend and Mitigation, detection Tactics | ZeroNights 2017
Windows Defender ATP detects malicious process injection seen on recent ZINC Adobe Flash 1-day exploit (CVE-2018-4878) | Microsoft
THE ART OF REVERSE ENGINEERING FLASH EXPLOITS | BlackHat
Duqu 2.0 Win32k exploit analysis | Virus Bulletin
Understanding type confusion vulnerabilities: CVE-2015-0336 | Microsoft
SandWorm’s target: A patch history of Object Packager | HP Security Research
CVE-2014-6352 OLE packager vulnerability and a failed patch for SandWorm | HP Security Research
Technical analysis of the SandWorm Vulnerability (CVE-2014-4114) | HP Security Research
Playing with Adobe Flash Player Exploits and Byte Code | HP Security Research
Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit | HP Security Research
The mechanism behind Internet Explorer CVE-2014-1776 exploits | HP Security Research
Microsoft IE zero day and recent exploitation trends (CVE-2014-1776) | HP Security Research
Patch analysis of latest Microsoft Office vulnerability (CVE-2014-1761) | HP Security Research
Technical Analysis of CVE-2014-1761 RTF Vulnerability | HP Security Research
Updated data shows prevalence of Java malware in 2012 | Microsoft
A technical analysis of a new Java vulnerability (CVE-2013-0422) | Microsoft
A technical analysis on new Java vulnerability (CVE-2012-5076) | Microsoft
A technical analysis on CVE-2012-1535 Adobe Flash Player vulnerability: Part 2 | Microsoft
A technical analysis on CVE-2012-1535 Adobe Flash Player vulnerability: Part 1 | Microsoft
Protecting yourself from CVE-2012-4681 Java exploits | Microsoft
The rise of a new Java vulnerability - CVE-2012-1723 | Microsoft
How to protect yourself from Java-based malware | Microsoft
Recent Java Exploitation Trends and Malware | Microsoft
A technical analysis of Adobe Flash Player CVE-2012-0779 Vulnerability | Microsoft
Vulnerability analysis, practical data flow analysis and visualization | Microsoft
An interesting case of JRE sandbox breach (CVE-2012-0507) | Microsoft
Vulnerability analysis, practical data flow analysis and visualization - CanSecWest 2012 | Microsoft
AVM Inception: How we can use AVM inception in a beneficial way | ShmooCon 2012
A Technical Analysis on the Exploit for CVE-2011-2110 Adobe Flash Player Vulnerability | Microsoft
A Technical Analysis on the CVE-2011-0609 Adobe Flash Player Vulnerability | Microsoft
My Sweet Valentine - the CIFS Browser Protocol Heap Corruption Vulnerability | Microsoft
Brief Analysis On Adobe Reader SING Table Parsing Vulnerability (CVE-2010-2883) | Microsoft
Technical Analysis on iPhone Jailbreaking | ForcePoint
Microsoft LNK Vulnerability Brief Technical Analysis (CVE-2010-2568) | ForcePoint
Having fun with Adobe 0-day exploits | ForcePoint

Vulnerability Findings

Name | Organization
APSB18-09: Adobe Reader Double Free Vulnerability | Adobe Security Bulletin
Microsoft Vulnerability Research Advisory MSVR12-004: JPEG 2000 Memory Overwrite Vulnerability in OpenJPEG Could Allow Arbitrary Code Execution | Microsoft
Microsoft Vulnerability Research Advisory MSVR12-001: Vulnerabilities in XnViewer Could Allow Remote Code Execution | Microsoft
Microsoft Vulnerability Research Advisory MSVR11-016: Vulnerability in NVIDIA Stereoscopic 3D Driver Could Allow Elevation of Privilege | Microsoft
Microsoft Vulnerability Research Advisory MSVR11-013: Vulnerability in Wireshark Could Allow Remote Code Execution | Microsoft
Workstation Service NetpManageIPCConnect Buffer Overflow | Microsoft
Microsoft Vulnerability Research Advisory MSVR11-011: Vulnerability in FFmpeg Matroska Format Decoder Could Allow Remote Code Execution | Microsoft
Microsoft Vulnerability Research Advisory MSVR11-012: Vulnerability in FFmpeg Could Allow Remote Code Execution | Microsoft

Patch Analysis Research

Name | Organization
DarunGrim - A Tool for Binary Diffing and Automatic Vulnerabilities Pattern Matching | EUSecWest 2010
Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries | Black Hat USA 2009
Diffing Binaries vs Anti-diffing binaries | XCON 2009 (Beijing)
Exploit Spotting: Locating Vulnerabilities Out of Vendor Patches Automatically | Black Hat USA 2010 / DEFCON 18

APT & Malware Research

Name | Organization
Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation | Microsoft
Reverse engineering DUBNIUM – Stage 2 payload analysis | Microsoft
Reverse-engineering DUBNIUM’s Flash-targeting exploit | Microsoft
Reverse-engineering DUBNIUM | Microsoft
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign | Microsoft
Hunting down Dofoil with Windows Defender ATP | Microsoft
Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak | Microsoft
An interesting case of Mac OSX malware | Microsoft
Extracting Malicious Codes from the Process Memory: ZeuS Case | ForcePoint
Analyzing Malwares Using Microsoft Tools | ForcePoint
De-obfuscating the obfuscated binaries with visualization | ForcePoint
An evolution of BlackPOS malware | HP Security Research

Hardware Reverse Engineering

Name | Organization
Reverse Engineering Flash Memory for Fun and Benefit | BlackHat/ReCon 2014
Reverse engineering NAND Flash Memory – POS device case study (part 3/3) | HP Security Research
Reverse engineering NAND Flash Memory – POS device case study (part 2/3) | HP Security Research
Reverse Engineering NAND Flash Memory – POS device case study (part 1/3) | HP Security Research
Hacking my smart TV - an old new thing | HP Security Research
Smart home appliance security and malware | Virus Bulletin
Hacking POS Terminal for Fun and Non-profit | HP Security Research
Reverse engineering NAND Flash for fun and profit | HP Security Research
How I learned to hack my TV (and started worrying about the future) | HP Security Research

Financial Crime & Malware Investigations

Name | Organization
HP Security Research Threat Intelligence Briefing episode 12 - The evolution of credit card crime |