
400 W 45TH STREET APT #2G • NEW YORK, NY • 10036

STUART C. LARSEN

(917) 842-7998 • C0NRAD@C0NRAD.IO • C0NRAD.IO • GITHUB.COM/C0NRAD

EDUCATION

Michigan Technological University, Houghton, MI December 2014

• Bachelor of Science in Electrical Engineering
• 3.41 Cumulative GPA
• Dean's List Fall 2010, Spring 2011, Fall 2011, Spring 2012, Fall 2012

Syracuse University, Syracuse, NY Fall 2012

• Cyber Engineering Semester
  ◦ 18-Credit Program focusing on the science of Highly Assured Systems

WORK EXPERIENCE

• Penetration Tester, Yahoo! January 2015 - Present
  ◦ Performed penetration tests on many of Yahoo’s core products, finding hundreds of vulnerabilities
  ◦ Built concurrent and robust tools for exploiting, scanning, and defending tens of thousands of hosts at a time
  ◦ Open sourcing an http2fuzzer (multiple CVEs), an advanced web spider, and a context aware xss-fuzzer

• Software Security Intern, MongoDB Summer 2014
  ◦ Developed internal OpenSSL x509 certificate management system
  ◦ Completed penetration test and write-up on MongoDB University, and an unreleased product.

• Software Development Intern, Fog Creek Software Summer 2013
  ◦ Developed data synchronization code in NodeJS/Coffeescript; code used over 500,000 times a week by hundreds of organizations, saving thousands of dollars.

• Information Assurance I Intern, Serco, Air Force Research Labs Contractor Fall 2012
  ◦ Mission Assurance in Cloud Computing Environments (emphasis on Air Force Mission Critical Capabilities) using Haskell, HOL, LaTeX, Python, and Penetration Tools (nmap, metasploit, etc).

• Aerospace Enterprise Team – Oculus-ASR Nanosatellite Spring 2011, Spring 2012
  ◦ Assisted in writing the Ground Control Testing Framework – C++/Qt

• Research Assistant, University of Michigan, Ann Arbor October 2009-August 2011
  ◦ Development/Validation of Production Data and Composition/Dynamic Studies of Space Plasma using C++/Qt/Bash/PHP/Perl/80x86 asm/IDL/WebDev

COMPETITIONS & CTF/WARGAMES

• 1st Place Barracuda Programming Competition. Networked AI/Learning Algorithms Fall 2014
• 1st Place Most Likely To Get The Company Sued, MongoDB Skunkworks, MongoDB Botnet Summer 2014
• 1st Place ‘Best use of API’ Bit.ly Programming Competition. stick.it, social media generation Summer 2013
• 2nd Place Michigan Tech's BonzAI Brawl Programming Competition. AI Spring 2012
• 4x 2nd Place ACM International Collegiate Programming Contest. Algorithmic 2011, 2012, 2013, 2014
• 3rd Place Hackerrank September Gamathon. AI Summer 2013
• 5th Place Tech Hacks Programming Competition. Sylvia Plath Artificial Intelligence Spring 2014
• Completed Original Matasano Crypto Challenges, Microcorruption (all but last two), a few of OverTheWire.org

PUBLIC TALKS

• Security Basics: Lessons From A Paranoid, Developer Meetup Spring 2015
• Spearing Superfish with HPKP, OWASP NYC Spring 2015
• Caspr: Content Security Policy Reporting and Aggregation, OWASP AppSec Cali 2015 Winter 2015
• MEAN Stack: MongoDB, Express, Angular, and NodeJS, University Club Fall 2014

PERSONAL PROJECTS

• Cat Fact Spammer (www.catfactspammer.com) NodeJS/MongoDB/Twilio/Stripe
  ◦ Text message denial of service prank website
  ◦ Viewed by thousands, with hundreds of paying customers

• Sngglr (www.sngglr.com) MongoDB/Express/Angular/NodeJS/Socket.io
  ◦ Dating website for Michigan Tech and Finlandia University students, promoting abstinence.
  ◦ 350 users with over 100 matches <3.

• WarGames Metasploit/Nessus/ZAP/aircrack-ng
  ◦ Won “Best Linux Hacker” after series of internal WarGames at Air Force Research Labs
  ◦ Completed most/all challenges for Leviathan/Bandit/Natas/Behemoth (overthewire.org)

• Caspr (www.caspr.io) MongoDB/Express/Angular/NodeJS/D3
  ◦ Content Security Policy report aggregator

• Enforcer (https://chrome.google.com/webstore/detail/caspr-enforcer/fekcdjkhlbjngkimekikebfegbijjafd?hl=en-US) Angular
  ◦ Chrome extension for enforcing arbitrary Content-Security-Policies

• x509gen (www.x509gen.com) MongoDB/Express/Angular/NodeJS/Forge
  ◦ Website for intelligently managing/creating OpenSSL x509 certificates

• Lollersnap (retired, snapchat doesn’t like others using their API) MongoDB/Express/Angular/NodeJS/Snapchat
  ◦ 9gag meets snapchat, service for aggregating funny snapchats.

• Stankr (private repo) Go/MongoDB/mgo
  ◦ Botnet using MongoDB replica sets as command and control
  ◦ Won “Most likely to get the company sued” at internal MongoDB hackathon

• LifeTracker (www.lifetracker.us) MongoDB/Express/Angular/NodeJS
  ◦ Self help journaling website based off TedTalk

• HOLIDE (www.github.com/c0nrad/HOLIDE) Qt/C++
  ◦ An IDE for the HOL theorem prover, possibly being used by Air Force Research Labs

• PandrChat (retired) Ionic/Angular/MongoDB/Express
  ◦ Geospatial chatting application. Click on the map to talk to users from that area.

• Sylvia (www.github.com/c0nrad/sylvia) NodeJS/Express/MongoDB/Python
  ◦ Attempt to recreate Sylvia Plath’s consciousness through AI and graph theory.

• BattleTanks (www.github.com/c0nrad/battletanks) Python/Qt
  ◦ A battlebot arena/framework for teaching my friends python/AI.

• Groogle (www.github.com/c0nrad/groogle) NodeJS/MongoDB/d3
  ◦ Graphical Google searches, MHacks 2012

• c0nstock (private repo) Python/MongoDB
  ◦ Application for predicting bitcoins/stocks prices via n-degree interpolations

• Cyber Career Fair (www.github.com/c0nrad/ccf) MongoDB/Angular/NodeJS
  ◦ Application for ACM@MTU, used to host virtual career fairs on campus

• meowPi (www.github.com/c0nrad/meowPi) Raspberry Pi/Python
  ◦ A passive infrared sensor trip wire that plays meow sounds when triggered

• Wilfred Groundstation (www.github.com/c0nrad/wilfred) Qt/Python/Raspberry Pi
  ◦ Raspberry PI quadcopter groundstation for testing and flight control

• Raspberry PI Cluster 12x Raspberry Pi/MPI/Bash
  ◦ Uses Message Passing Interface (MPI) for task distribution

• Conks (retired) Backbone.js/FabricJS
  ◦ Mario-like side scroller combining HTML5 canvas and Backbone.js

• Shitcoin (https://github.com/c0nrad/shitcoin) Go
  ◦ Personal clone of bitcoin, but really crappy because no one uses it

• go-mbf (www.github.com/c0nrad/go-mbf) Go
  ◦ Multithreaded brute forcer for MongoDB sharded cluster sets
