My name is Yarrow Charnot. I live in Brisbane, Australia, for the last two years until present on a part-time contract as a consultant for VASCO Data Security:

- researching new ways to break, secure and improve all kinds of authentication procedures and protocols (mainly focused on web and LAN authentication)
- integrating hardware token authentication into native and not so native LANMAN / NTLM / Kerberos / MSCHAP / RADIUS for NT4 and 2000 domain controllers
- analysing security of VACMAN Server and other hardware and software products to advise on their possible integration
- designing and implementing secure intermodule communication based on AES and DH-3072 / ECDH-512 PKI that I have developed for them (Windows, Linux, Solaris)
- designing and implementing licensing and copy-protection
- solving problems developers get stuck with, mainly analysing and debugging their code with SoftICE, IDA, Hiew and gdb
- educating developers on security-conscious development as security of the product depends on every single part of it

My main area of expertise is software reverse engineering (cracking) that requires strong skills in disassembly, code analysis, code optimization, cryptography, cryptanalysis, mathematics, programming in Assembly and C/PASCAL and requires a deep knowledge of computer architecture and an ability to read/analyse/modify/rewrite code written in any programming language, all of which I possess.

Since the best reverse engineering (IDA, SoftICE, etc.) and IDE development (MSVC and Borland C/Pascal) tools and most of the work is done in DOS/Windows environment (Linux is mainly open source anyway), I spend most of the time using Windows. I don't mind using Linux or Solaris and gdb on them, but my knowledge of Unix systems is on a user/cracker level so far, so I would not qualify as a *nix administrator or as a good *nix developer.

By now I have an unmatched knowledge of Windows NT internals, knowing some of its areas better than its developers, as I often see flaws in its code that weren't apparent in the source. I can advise on design, development and analysis of copy-protection systems, device drivers, secure communication, strong authentication, exploits, worms, viruses, trojans, undocumented features, unpublished proprietary algorithms, protocols and data formats.

Please don't confuse me with a hacker, a script-kiddie or an academic "security consultant". Although I am only 30 years old, I have 17 years of experience of breaking secure computer systems and copy-protection and anti-debugging software, beginning with PDP-11 and IBM-360/370 back in 1984-1986. As a matter of fact, I can even determine the IQ level of the software developers just by looking at their compiled code even though it has been optimized by the compiler.

I am single, so I'm available to travel anywhere in the world for a week or two at any time, but I don't want to move to another area. I love Brisbane - it's the best place to live in the universe according to my around-the-globe travelling experience. My preference is working from home reversing code and integrating the results of my research into other products (absolutely without infringing any copyright laws as I never make illegal copies of the products to analyse them, I just look at the code and I rewrite it all myself, optimizing it without using any copyrighted parts). Australian laws specifically permit software reverse engineering, so American employers please don't be put off by my Australian residence. I have lived in the USA for 3 years in quite a few states and I feel very comfortable getting around the place - I can drive without a map in Los Angeles, Washington DC, all over Florida and I have driven across 20 states.

The best ways to contact me are e-mail yarrow @ charnot.com (without anti-spamming spaces), ICQ No 527342, EFnet on IRC, or my cell phone (+61 421 580 623). I can send a more detailed resume if necessary. Please only serious offers, no resume requests to place me in your database.
This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 12:58:52 PDT