I’m a computer scientist in Massachusetts with graduate education and 13 years industry experience. I’ve worked on static program analysis, symbolic execution, compilers and interpreters, fuzz testing, application security, and production machine learning systems.
I currently work in a team at Praetorian that is combining static analysis with machine learning to amplify and augment the capabilities of offensive security operators.
You can find my resume here. I’ve also written and presented several peer-reviewed publications over the years.
You can find me on the infosec.exchange Mastadon instance as @bradlarsen.
Nearly all my professional work has been in closed-source proprietary codebases. But some has been open-source, including these things:
- I am the primary author and project maintainer for Nosey Parker, a fast secret scanner with high signal-to-noise
- I found and fixed a bug in the tokenizer in SQLite that caused it to not work on EBCDIC systems
- I contributed additional fuzz targets to CPython's OSS-Fuzz integration, which found a few bugs
- I found and fixed memory errors in the parser in CPython that also affected its related
typed-ast
library - I found and fixed several bugs in Manticore, the low-level symbolic execution engine, enhanced its ARMv7 support, and enhanced its Linux filesystem emulation