c0nrad.io Stuart Larsen


Stuart Larsen is currently a security engineer at MongoDB. He's been programming for about 12 years on things from quantum emulators, to cat fact spamming websites, to open source security tools. Previously he worked at Yahoo! as a penetration tester, at the Solar and Heliospheric Research doing data and algorithmic analysis, at Air Force Research Labs doing research on highly assured systems, at Fog Creek Software web application development, and MongoDB as a security intern working on x509 certificate handling. He also does side work for companies such as IncludeSecurity and TherapyRoll.


Attacking HTTP/2 Implementations
Location: PacSec 2015
Slides: https://pacsec.jp/psj15/PSJ2015_Stuart_Attacking-HTTP2-Implementations_en.pdf

Security Basics: Lessons From a Paranoid
Location: Yahoo! NYC /w Meetup, 2015
Slides: http://c0nrad.io/paranoids/slides.pdf

Spearing Superfish with HPKP
Location: MongoDB NYC /w OWASP, 2015
Abstract: https://gist.github.com/anonymous/4dff704df537eb0e2547
Slides: http://c0nrad.io/hpkp.pdf
Video: https://www.youtube.com/watch?v=kFhQ8SJiWCA

Caspr: Content Security Policy Reporting and Aggregation
Location: Santa Monica, OWASP AppSec Cali 2015
Abstract: https://gist.github.com/c0nrad/99b7f1b10150c313df9b
Video: https://www.youtube.com/watch?v=0JbGh43dJCQ

MEAN Stack: MongoDB, Express, Angular, NodeJS
Location: Michigan Technological University, 2014
Abstract: https://gist.github.com/c0nrad/8f7cf9b8f2a116a66a43
Slides: http://c0nrad.io/mean/mean.pptx

Articles / Blogs

Attacking HTTP2 Implementations
Apache Traffic Server - HTTP2 Fuzzing
Matasano Crypto Challeneges
Generating Content-Security-Policies, the easy way.
Spidering Techniques for Content Discovery
Solution to the game of Sticks
High School Blog
Recent Blog

Competitions / WarGames

StockFigher: All 6 Levels of Stock Challenges
Matasano Crypto Challeneges: Completed first 7 sets, working on 8th
Microcorruption: All but last two challeneges
OverTheWire.org: Natas, Bandit, Leviathan, Behemoth

3rd Place App Sec Cali 2015 CTF
62nd Place Reddit's CTF 2015
S13th Place DSLABS General April 2015
159th Place Boston Key Party 2015
"Best Linux Hacker" internal Wargame at Air Force Research Labs

2nd Place (Fall 2011) Michigan Tech ACM ICPC
2nd Place 3x (Spring 2012, Spring 2013, Spring 2014) Northern Michigan ACM ICPC
3rd Place Hackerrank September 2014 Gamathon

2x MongoDB Skunkworks: Most Likely to get the company sued. (2015, 2016)
MongoDB Stanly Skunk: First place overall
1st Bit.ly "Hacked to the future" Best use of Bit.ly API. Stick-It content generation
5th Tech Hacks Programming Competition Sylvia Plath Artificial Intelligence

Artificial Intelligence:
1st place at Barracuda Collage Programming Competition 2014
2nd Place (Spring 2012) Michigan Tech's BonzAI Brawl Programming Competition Spring 2011 Spring 2012