Brian M. Sturk
(603)-402-1278

8 Falcon Dr. • Hudson, NH • 03051
bsturk<-A-T->comcast.net  bsturk<-A-T->briansturk.com



Overview

  • Over 26 years of progressive experience designing and writing software using C, C++, and Python.
  • Offensive Security Certified Professional (OSCP).
  • Experience in reverse engineering, info/cyber security, red/blue teaming, OS/kernel internals, real-time/embedded systems, firmware, device drivers, interfacing computers with various types of hardware and electronics, data acquisition, electro-mechanical control, and protocol development.
  • Designing and writing software for multiple platforms including kernel device drivers, file system drivers and NAS/SAN technologies, security related applications/drivers, networking protocols/applications, cross platform GUI applications, embedded system tools/scripting.
  • Very comfortable with electronics and reading chip specs/schematics.
  • Team player. Fits in well with large groups, small teams, or even working alone and ramps up quickly. Have also led small teams.


Software and Programming

Programming
kernel and filesystem drivers, embedded systems, OS internals, network/protocol, infosec/ethical hacking, reverse engineering, data acquisition, RTOS, cross platform GUI, scripting.

Languages
C/C++, Python, ASM, Java, C#.

Operating Systems
Linux, MacOS, Windows, FreeBSD, NetBSD, Solaris, QNX RTOS.

Tools
gcc/gdb, Windbg, dtrace, Wireshark, metasploit, IDA, Ghidra, Kali Linux, Win DDK, Visual Studio, XCode, subversion, git, SWIG.

Libraries
Qt, wxWidgets/wxPython, STL, boost, MacOS IO Kit, OSR FSDK, v2linux, OpenGL, MFC.



Certifications / Patents

  • Offensive Security Certified Professional (OSCP) [Ethical Hacker] - License OS-15502




Hardware & Equipment

Electronics
oscilloscopes, logic/serial/protocol/bus analyzers, ICE, JTAG/BDM, encoders.

Computer/Hardware
x86, x64, PowerPC, ARM9, MIPS, SuperH, serial RS232/RS422/RS485, motor control, digital I/O, FPGAs, DAQ



Relevant Experience

8/16 to Present
Carbon Black / VMWare— Staff Threat Researcher - Team Lead Applied Research

Technologies/Skills Used:
blue/purple teaming, reverse engineering, ethical hacking, malware, python, IDA Pro, radare2, yara, SQL, rules, Java

  • Detection and prevention rules writer/maintainer for both cloud and endpoint (all platforms).
  • Reversing/detonating malware and threat emulation for writing/testing defense rules.
  • Architect on next gen rules platform team. Designed, prototyped, and implemented new rules framework.
  • Advanced research and cross team collaboration for new product functionality/patents.
  • Managed participation in the Microsoft Active Protections Program (MAPP) and was the vulnerability evaluator for 4 years.
  • Various digital engagement activities, including blogs, threat bulletins, webinars, and presentations.

7/14 to 8/16
Verdasys/Digital Guardian— Consulting Engineer

Technologies/Skills Used:
malware, metasploit, Win DDK, VMWare, Windbg, Ollydbg, kernel/internals, OS X, iOS, ethical hacking

  • Member of the Cyber and R&D teams. Worked on the APT/EDR aspects of their DLP endpoint software.
  • Enhanced product to detect advanced malware techniques - Process Hollowing, Reflective Injection, use of App_Init for injection.
  • Added support to process injection framework to handle packed binaries.
  • New features and further development/support of hooking and injection subsystems.
  • BlackHat 2014 - wrote the iPhone software booth demo, which simulated a malicious email image taking over the phone. Utilized Cydia Substrate.
  • BlackHat 2015 - wrote code for sponsored session "Can DLP Thwart Malware Attacks". Code added to existing product to detect and block in-memory ransomware.

1/10 to 7/14
Avid Technology— Senior Principal Engineer

Technologies/Skills Used:
Win DDK, kernel/internals, OS X, FUSE, embedded Linux, distributed file system, wireshark, Qt, Python

  • Maintenance coding/bug fixes for ISIS kernel file system driver and related software on OS X and Windows.
  • Implemented a system for creating, installing, and deploying system recovery images. Written in Qt.
  • Designed and implemented the embedded Linux platform for the ISIS 2000 product including distribution, installation/upgrade/recovery system, root filesystem generation, bootloader, and fs redundancy strategy.
  • Co-designed and implemented a Linux version of the ISIS file system driver using FUSE on RHEL 6.

9/09 to 1/1 [and 8/08-11/08]
Facilis Technologies— Consultant [Telengard Tech]

Technologies/Skills Used:
Linux, OS X, kernel, iSCSI, Win DDK, filter driver, wxWidgets, Windows 7

  • Designed and implemented a product to allow access to the Terrablock storage product over iSCSI. Heavily modified the OSS iSCSI Enterprise Target Linux software package both at the user and kernel level.
  • Re-designed and re-implemented their existing file migration tool used for bulk movement of files/projects.
  • Ported client app to Linux using wxWidgets and consolidated all supported platforms into one project.
  • Wrote applications to remount read-only volumes and resize Apple Partition Map partitions on OS X.
  • Wrote an application to hook and inject code into arbitrary application binary functions on Windows.

1/09 to 7/09
L3-Security— Consultant [Telengard Tech]

Technologies/Skills Used:
Embedded Linux, C++, Fedora, Qt, Modbus, motion control, Serial RS-232, XML-RPC

  • Wrote diagnostic code for MODBUS based Galil controller over Ethernet doing analog/digital I/O.
  • Wrote diagnostic code for serial RS-232 based Mforce motion controller.
  • Worked on Qt based diagnostics interface. Also implemented all QtScript based diagnostic code.
  • In-house Linux expert for 10 DOS/Windows programmers transitioning into the project.

12/07 to 8/08 [and 3/06-9/06]
Tour Andover Controls— Consultant [Telengard Tech]

Technologies/Skills Used:
Debian, embedded, busybox, u-boot, IPSEC, kernel device driver, scratchbox, ARM 920t, Serial RS-485

  • Ported 2.6.16 kernel and u-boot to custom AT91 SoC based board used for security and automation systems.
  • Wrote a Linux kernel driver to handle serial RS-485 communications utilizing on chip DMA for on board USARTs.
  • Implemented use of Debian and Scratchbox/qemu for cross compilation and debugging infrastructure for ARM9 and x86 hosts.
  • Was the in-house Linux expert for a large group of RTOS developers in the US and Sweden.
  • Wrote applications to test protocol encryption performance under load on embedded ARM board using IPSEC.

9/06 to 12/07
Cylant/Reflex Security— Consultant [Telengard Tech]

Technologies/Skills Used:
Windows, kernel, DDK, hooking, rootkits, security, IDS/IPS, Linux, Snort, Debian, VMWare

  • Ported driver portion of existing Cylant Secure HIDS product to Windows XP from Windows 2000. Driver hooked kernel calls and monitored for rootkits/malware in real time.
  • Added features and bug fixes to Reflex Security's Snort based intrusion prevention product on Debian Linux.
  • Implemented development and QA use of VMWare for sandboxing/detonating different rootkits/malware.

4/06 to 5/06 [and 1/05 to 5/05]
JK Enterprises/Kobe Steel— Consultant [Telengard Tech]

Technologies/Skills Used:
Reverse engineering, IDA PRO, VMWare, Linux, python, wxWindows, serial RS-232, DAQ

  • Removed the need for a dongle in an abandoned application by reverse engineering and binary-patching its DLL.
  • Wrote an application using wxWindows to interface with a custom data acquisition system. Application communicated over serial RS-232 and displayed visual representations of probes, encoders, and other indicators.

12/05 to 4/06
Media Matters— Consultant [Telengard Tech]

Technologies/Skills Used:
FreeBSD, OS X, HW interfacing, python, wxPython

  • Wrote an application to monitor and interface with a robotic tape archive machine using wxPython.

7/04 to 3/06
Siemens SNC LLC.— Consultant [Telengard Tech]

Technologies/Skills Used:
Montavista Linux, BSP, embedded, RTOS, kernel device driver, PowerPC 440GX, u-boot, UML, I2C, pthreads

  • Wrote a Linux kernel driver for Siemens' MRC FPGA for monitoring boards' health status, also wrote related APIs and diagnostics.
  • Wrote a Linux I2C kernel driver to interface with GPIO circuitry, also wrote related diagnostics.
  • Wrote a Linux kernel driver and API for Siemens' ARC chip which handled card redundancy/failover.
  • Worked on the port of the u-boot bootloader to Siemens' next generation ATCA hardware platform. Work involved bringing CPU up, POST tests, debugging HW issues, networking/PHYs init, chip select init, startup scripts, diagnostic utilities, building file system images, GPL issues, and customization for Siemens.
  • Debugged many kernel level bugs with UML in the Montavista PRO kernel. All fixes submitted to Montavista.
  • Setup a simulation environment of Siemens' hiG Media Gateway carrier grade products using User Mode Linux.
  • Debugged and fixed the VxWorks to Linux emulation library (v2linux) including many threading issues.
  • Added features to Siemens' Clock Control FPGA kernel driver.
  • Was the in-house Linux expert for 40+ VxWorks developers.

5/04 to 7/04 [and 1/05 to 7/05]
Facilis Technologies— Consultant [Telengard Tech]

Technologies/Skills Used:
Mac OS X, kernel, wxWindows, Xcode, SCSI, Linux, file systems, IOMeter, performance

  • Wrote an application and library for OS X to communicate with Facilis' Terrablock device driver.
  • Wrote an application using wxWindows to migrate and import clients' media from other storage systems.
  • Added features to their Terrablock software on multiple platforms including Mac OS 9, OS X, and Windows.
  • Created a custom bootable Linux recovery CD to restore entire system in the event of system failure.
  • Added support for very precise timing and other features to the file system benchmark program IOMeter.
  • Wrote a Windows application to generate very consistent file system loads. Application was made into a larger testing/benchmarking framework for Facilis' storage products.

3/04 to 6/04
EqualLogic Inc— Consultant [Telengard Tech]

Technologies/Skills Used:
NetBSD, Linux, embedded system, kernel device drivers, UNIX, kgdb, MIPS, SATA, python

  • Coded new features for their iSCSI peer-storage array product. Work involved kernel device drivers for NetBSD running on MIPS (sibyte) and x86 including user/kernel coding, cross compiling, and kernel debugging.
  • Designed solution and wrote kernel code to detect and fix specific hard drive issues dynamically (*NDA).
  • Debugged and fixed kernel panics and related bugs in pre-existing kernel code using kgdb.
  • Wrote an application that could induce specific hard drive errors under very high load (*NDA).
  • Designed and implemented a system to fully automate drive qualification using 'C' apps, scripts, and Apache.
  • Wrote various applications to search for arbitrary byte patterns on raw disks, monitor SMART data, and more.
  • Maintained and added new features to an application that searched for bad blocks on a drive and repaired them if possible. Program also monitored throughput and variance data for the drives.
  • Wrote an application to exercise raw disks simulating a mail server and pseudo file system.

11/02 to 3/04
Axiam Inc— Consultant [Telengard Tech]

Technologies/Skills Used:
QNX 4.25/6.X, RTOS, Linux, DAQ, A/D boards, Digital I/O, Port I/O, DMA, Serial 232, ncurses

  • Coded new features and maintained their metrology software which interfaced with various hardware (LVDT, encoders, motors) to compute the roundness and straightness of precision parts for commercial jets.
  • Re-designed and implemented their entire system to work with custom ISA data acquisition boards.
  • Wrote software (ncurses app and Linux kernel module) to test their proprietary data acquisition boards.

4/03 to 3/04
Pinnacle Systems— Consultant [Telengard Tech]

Technologies/Skills Used:
Qt, MFC, Winsock, FTP protocol, XML, SQL, VB, WMI, threads, VC++/NET, C#, COM/DCOM

  • Designed and wrote an FTP server and client following the RFC. Requirements were high performance, threaded sessions, 64-bit REST, encryption, and site-specific commands for control.
  • Added many new features and maintained their VMG broadcast archiving/storage product.
  • Designed and wrote an application to gather information about a system's configuration and verify the machine's state using Qt and XML. Machines could be queried over a network allowing central verification.
  • Wrote an application to interface with Adrienne time code boards using C# and .NET.

4/00 to 4/03
Avid Technologies— Consultant [Telengard Tech]

Technologies/Skills Used:
Linux/OS X/Windows/Solaris Kernel, OS Internals, Windbg, File Systems, SCSI, protocol, Perl, Python

  • Designed, wrote, and maintained Linux kernel file system driver (VFS) and associated device drivers.
  • Wrote a kernel file system driver and associated device drivers for Solaris 8.0 (SPARC and x86).
  • Wrote kernel device drivers, a file system driver (VFS), and related user-mode tools for Macintosh OS X.
  • Wrote a Linux driver and daemon that allowed the file system to work over Ethernet while waiting for the Fibre Channel driver.
  • Designed and implemented a reliable protocol on top of UDP used for messaging that required running on multiple platforms and in varying environments, including soft real-time, low memory, and kernel/user mode.
  • Modified SCSI layer on Linux to support SCSI processor device exposed by Emulex Fibre channel card.
  • Wrote a Linux library to get SCSI drive info and other information via SCSI pass-thru.
  • Designed and created an embedded Linux distribution for network based filesystem product platform.
  • Maintenance coding/bug fixes including many BSODs for kernel file system driver on Windows.
  • Wrote a Windows kernel driver to probe PCI bus for configuration info used by system profile application.
  • Designed and wrote a generic, extensible, and distributed testing framework in Python used for smoke testing multiple machines over a network using pyro. Used by SQA department for testing many of Avid's products.
  • Maintenance coding and test harness for the Unity Windows Network Provider DLL.
  • Implemented redundant servers support for NT product using sockets, Inet Helper API, and MFC.
  • Reverse engineered the 3Ware IDE RAID/SAN JBOD user mode/kernel mode protocol for use in Avid products.
  • Implemented build process (ksh), testing procedures (Driver Verifier), and installer (Installshield) for products.
  • Wrote a test harness and related programs for the Windows API and WNet API.

11/98 to 4/00(+)
Speedline Technologies/CAMalot— Full Time/Perm [Telengard Tech+]

Technologies/Skills Used:
2K/NT DDK, Kernel, Port I/O, Serial 232/422-USB, Java, MFC, Perl, RPC, Obj Grid, PVCS, Installshield

  • (+9/02) Wrote a Windows kernel driver to access IO boards over parallel ports. Also install and config utilities.
  • Implemented many major subsystems for semiconductor dispensing machine (low-level and GUI components) including temperature controllers, weight scales, conveyor, digital I/O, motion control.
  • Wrote an NT Virtual Device Driver to run DOS based GFX product on Windows NT.
  • Wrote a configuration/installation utility to burn firmware for Galil motion cards using port I/O.
  • Co-designed and implemented protocol for communicating with RS-485 boards on older machines from Windows NT.
  • Created and maintained Installshield installations for both Windows NT products (XYFlex and Matrixx).
  • Configuration management and build admin using PVCS, Configuration Builder, Perl, and cygwin.

10/97 to 11/98(+)
Northern Research and Engineering— Consultant [New Boston Systems]

Technologies/Skills Used:
MFC, COM, STL, Objective Grid-Toolkit, BoundsChecker, ClearCase, OpenGL, DirectX, cygwin

  • (+11/99-4/00) Provided new features, bug fixes, and an installer for their Ritap product.
  • Redesigned and rewrote COMIG, a mechanical design package for turbomachinery. Also added many new features.
  • Wrote a C++ class library (MFC extension DLL) wrapping the charting library used by all NREC products.

1/96-10/97
Henschel, Inc.— Programmer / E. E. Tech

Technologies/Skills Used:
NT DDK, kernel drivers, Port I/O, 8051, MFC, Borland C++, BoundsChecker, IoWorks, Fastgraph

  • Windows kernel driver and related code for interfacing/data acquisition with synchro cards and other hardware.
  • Wrote a Windows service to interface with Raytheon and Navy computers. The service read signals (RS-422, synchro, NTDS, and Ethernet), converted them to NMEA strings, sent them to Raytheon's equipment, and drove other hardware. Received signals were also sent to GUI applications with controls simulating their analog counterparts.
  • Wrote Henschel's Alarm Activation Panel used on Navy vessels. Talked over the parallel port using port I/O.
  • Maintained embedded throttle control project running on 8051 microcontroller.
  • Wrote dimmer application and protocol that controlled a custom PC-104 card for Windows NT.
  • Designed and built security/battery watchdog circuitry for PCCU flat panel display/embedded PC.
  • Wrote a program to detect lights in building turning on/off via photodiode circuit over parallel port.

4/91-1/95
United States Army National Guard— Combat Engineer (Rank E-4, 12C)

Technologies/Skills Used:
Demolition, mines, bridge building.

In third year of service, reclassed MOS to 96B Intelligence Analyst.



Blogs/Presentations/Webinars

Blog Linux - CVE-2016-5195 "Dirty Cow"

Blog Windows - Atombombing

Blog Windows - Macro-less Hacks

Presentation at BSides CT - Providing Robustness in Endpoint Security Controls

Webinar - Crypto Crime : Hunting for Cryptocurrency Mining in Your Enterprise


Education

5/92 - 6/96
University of Mass Lowell—Lowell, MA


Electrical Engineering program



Non-Work Related:


www.briansturk.com
- freeware programs, macros, and source code as well as my hacking projects

MAME contributor, gp2xmess, vimsh, maintainer of the Win32 Hardware-Port I/O FAQ.