c0nrad.io Stuart Larsen

Blog
Blog (Old)
Email
Github
Twitter
Resume

Stuart Larsen is currently founder and CEO of Csper, a web software security company. He also plays CTFs and records writeups as Sloppy Joe Pirates.

He's been programming for almost 20 years on things from security tools, cat fact spamming websites, dating websites, and physics simulations. Previously he was a software engineer at Atom Computing, working to help build scalable quantum computers. Before that he was a staff security engineer at MongoDB focusing on building secure applications. Before that he worked at Yahoo! as a penetration tester, before that at the Solar and Heliospheric Research doing data and algorithmic analysis, at Air Force Research Labs doing research on highly assured systems, at Fog Creek Software web application development, and MongoDB as a security intern working on x509 certificate handling. He also does side work for companies such as IncludeSecurity and TherapyRoll.

Talks

Sloppy Joe Pirates YT
Location: Sloppy Joe Pirates YouTube Channel

Attacking HTTP/2 Implementations
Location: PacSec 2015
Slides: https://pacsec.jp/psj15/PSJ2015_Stuart_Attacking-HTTP2-Implementations_en.pdf

Security Basics: Lessons From a Paranoid
Location: Yahoo! NYC /w Meetup, 2015
Slides: http://c0nrad.io/paranoids/slides.pdf

Spearing Superfish with HPKP
Location: MongoDB NYC /w OWASP, 2015
Abstract: https://gist.github.com/anonymous/4dff704df537eb0e2547
Slides: http://c0nrad.io/hpkp.pdf
Video: https://www.youtube.com/watch?v=kFhQ8SJiWCA

Caspr: Content Security Policy Reporting and Aggregation
Location: Santa Monica, OWASP AppSec Cali 2015
Abstract: https://gist.github.com/c0nrad/99b7f1b10150c313df9b
Video: https://www.youtube.com/watch?v=0JbGh43dJCQ

MEAN Stack: MongoDB, Express, Angular, NodeJS
Location: Michigan Technological University, 2014
Abstract: https://gist.github.com/c0nrad/8f7cf9b8f2a116a66a43
Slides: http://c0nrad.io/mean/mean.pptx

Articles / Blogs

Attacking HTTP2 Implementations
Apache Traffic Server - HTTP2 Fuzzing
Matasano Crypto Challeneges
Generating Content-Security-Policies, the easy way.
Spidering Techniques for Content Discovery
Solution to the game of Sticks
High School Blog
Recent Blog

Competitions / WarGames

CTF (in order):
4th AI vs Human CTF Challenge 2025
1st Hack The Boo 2024
1st Wizer CTF Oct 2024
1st SANS Offensive Ops CTF 2024
2nd CyberShock\x07E8 CTF 2024
1st Purdue cyberTAP's 2024 CTF
1st ECSC-GR Quals OPEN 2024
1st HACK the Halls 2023
1st ThreatModeler Capture The Flag 2023
1st SANS Offensive Ops CTF 2023
3rd CyberShock\x07E7 CTF 2023
2nd CTF After Dark - Winter 2023
1st BEHACK Xmas Capture The Flag 2022
8th Snyk Fetch The Flag
9th X-MAS CTF 2022
4th CTF After Dark - Fall 2022
8th BuckeyeCTF 2022
6th BlueHens CTF 2022
1st BSidesNYC 2018 CTF
5th Enigma 2017 CTF
Ran MongoDB CTF 2016/2017, 40+ questions.
Ran Yahoo CTF 2015, 20+ questions.
3rd Place App Sec Cali 2015 CTF
62nd Place Reddit's CTF 2015
13th Place DSLABS General April 2015
159th Place Boston Key Party 2015
"Best Linux Hacker" internal Wargame at Air Force Research Labs

Wargames:
pwn.college: Blue Belt (highest)
HTB Challenges: 355
StockFigher: Complete!
Matasano Crypto Challeneges: 63/64 complete
Microcorruption: Complete!

Algorithmic:
3rd MIT Battlecode 2025 Sprint 1
2nd Place (Fall 2011) Michigan Tech ACM ICPC
2nd Place 3x (Spring 2012, Spring 2013, Spring 2014) Northern Michigan ACM ICPC
3rd Place Hackerrank September 2014 Gamathon

Hackathon:
Most Likely to get the company sued, MongoDB Skunkworks (2015, 2016)
Stanly Skunk: First place overall, MongoDB Skunkworks (2016)
Most likely to be disqualified, MongoDB Skunkworks (2017)
1st Bit.ly "Hacked to the future" Best use of Bit.ly API. Stick-It content generation
5th Tech Hacks Programming Competition Sylvia Plath Artificial Intelligence

Artificial Intelligence:
1st place at Barracuda Collage Programming Competition 2014
2nd Place (Spring 2012) Michigan Tech's BonzAI Brawl Programming Competition Spring 2011 Spring 2012

Quantum Computing:
QHack2021: 47th

Projects

(Too many to list, see github)
Github