I’m a computer scientist in Massachusetts with graduate education who has worked in industry for 14 years. I’ve worked on static program analysis, symbolic execution, compilers and interpreters, fuzz testing, application security, and production machine learning systems.
I currently work in a team at Praetorian that combines static analysis with machine learning to augment the capabilities of offensive security operators.
You can find my resume here. I’ve also written and presented several peer-reviewed publications over the years.
You can find me on the infosec.exchange Mastodon instance as @bradlarsen.
Nearly all my professional work has been in closed-source proprietary codebases. But some has been open-source, including these things:
- I'm the author and maintainer of Nosey Parker, a fast secrets detector for offensive security with high signal-to-noise, and its complementary Nosey Parker Explorer TUI app for interactive triage
- I found and fixed a bug in the tokenizer in SQLite that caused it to not work on EBCDIC systems
- I contributed additional fuzz targets to CPython's OSS-Fuzz integration, which found a few bugs
- I found and fixed memory errors in the parser in CPython that also affected its related `typed-ast` library
- I added the `sha1` function to DuckDB
- I found and fixed several bugs in Manticore, the low-level symbolic execution engine, enhanced its ARMv7 support, and enhanced its Linux filesystem emulation