speaking

The parts of this work you can't learn from a blog post.

mara@workstation:~$ tail -n 50 ~/talks.log

I speak about exploit reliability, auditing methodology, and the very human business of getting a vendor to ship a fix. Selected talks and workshops below.

Upcoming

  • Oct 2026
    Workshop: Writing Exploits That Don't Flake
    Recompile · Lisbon
    scheduled
  • Nov 2026
    Keynote panel: The Next Decade of Coordinated Disclosure
    Hexgate Security Conference · Berlin
    scheduled

$ ls archive/

Past talks & workshops

Conference talk · Hexgate Security Conference · Berlin

Trusting the Wrong Length: Anatomy of a Pre-Auth Gateway RCE

A full walk-through of CVE-2026-31884: how a single trusted length field in a TLS resumption parser became a reliable remote root, and the heap-grooming that made the exploit stable across appliance builds.

#memory-safety #tls #exploitdev

Conference talk · OffByOne · Amsterdam

Keys That Aren't: Path Confusion in Modern Identity Providers

When a JWT 'kid' header is treated as a filesystem path, verification becomes forgery. A survey of identity-provider auth bypasses and a practical methodology for auditing token verifiers.

#auth-bypass #jwt #web

Workshop · Recompile · Lisbon

Fuzzing Media Parsers Without Losing Your Mind

A hands-on workshop on building structure-aware harnesses for codec and container parsers, triaging the flood of crashes, and turning an out-of-bounds read into a real disclosure.

#fuzzing #media #tooling

Conference talk · Hexgate Security Conference · Berlin

The Disclosure Conversation Nobody Teaches You

Coordinated disclosure is mostly communication, not code. Lessons from nine years of vendor reports — what gets a fix shipped, what stalls one, and how to keep both sides honest.

#disclosure #process

Conference talk · Ground Zero EU · Vienna

Escaping the Isolate: Type Confusion in WASM Host Bindings

A technical deep-dive into CVE-2025-40918 — how a marshalling bug let guest WebAssembly forge a host allocator reference, and what it means for multi-tenant function platforms.

#sandbox-escape #wasm

Conference talk · Lowlevel Days · Tallinn

Reading Firmware Like a Map

Turning an opaque NVR firmware blob into a navigable target: extraction, identifying the attack surface, and finding the parser that leaked memory into your video feed.

#reversing #iot #firmware

$ mail -s "speaking" mara@

Inviting me to speak?

I'm happy to talk to security teams, conferences, and university groups about vulnerability research and disclosure. Reach out with the audience, format, and rough date and I'll tell you honestly whether I'm the right fit.

Get in touch