c0nrad.io Stuart Larsen

Blog (Old)

I'm looking for a job in the physics/simulation field. If you have any open roles, I'd love to apply/chat! (c0nrad@c0nrad.io)

Stuart Larsen is currently building out Csper, a software security startup focused on making content-security-policy as easy as possible. He also does security-focused software development consulting (Stuart Larsen Consulting LLC).

He's been programming for about 14 years on things ranging from security tools and cat fact spamming websites to dating websites and physics simulations. Previously he was a staff security engineer at MongoDB focusing on building secure applications. Before that he worked at Yahoo! as a penetration tester, at the Solar and Heliospheric Research doing data and algorithmic analysis, at Air Force Research Labs doing research on highly assured systems, at Fog Creek Software doing web application development, and at MongoDB as a security intern working on x509 certificate handling. He also does side work for companies such as IncludeSecurity and TherapyRoll.


Attacking HTTP/2 Implementations
Location: PacSec 2015
Slides: https://pacsec.jp/psj15/PSJ2015_Stuart_Attacking-HTTP2-Implementations_en.pdf

Security Basics: Lessons From a Paranoid
Location: Yahoo! NYC w/ Meetup, 2015
Slides: http://c0nrad.io/paranoids/slides.pdf

Spearing Superfish with HPKP
Location: MongoDB NYC w/ OWASP, 2015
Abstract: https://gist.github.com/anonymous/4dff704df537eb0e2547
Slides: http://c0nrad.io/hpkp.pdf
Video: https://www.youtube.com/watch?v=kFhQ8SJiWCA

Caspr: Content Security Policy Reporting and Aggregation
Location: Santa Monica, OWASP AppSec Cali 2015
Abstract: https://gist.github.com/c0nrad/99b7f1b10150c313df9b
Video: https://www.youtube.com/watch?v=0JbGh43dJCQ

MEAN Stack: MongoDB, Express, Angular, NodeJS
Location: Michigan Technological University, 2014
Abstract: https://gist.github.com/c0nrad/8f7cf9b8f2a116a66a43
Slides: http://c0nrad.io/mean/mean.pptx

Articles / Blogs

Attacking HTTP2 Implementations
Apache Traffic Server - HTTP2 Fuzzing
Matasano Crypto Challenges
Generating Content-Security-Policies, the easy way.
Spidering Techniques for Content Discovery
Solution to the game of Sticks
High School Blog
Recent Blog

Competitions / WarGames

Stockfighter: Complete!
Matasano Crypto Challenges: 63/64 complete
Microcorruption: Complete!
OverTheWire.org: Natas, Bandit, Leviathan, Behemoth

Ran MongoDB CTF 2016/2017, 40+ questions.
Ran Yahoo CTF 2015, 20+ questions.
1st BSidesNYC 2018 CTF
5th Enigma 2017 CTF
3rd Place App Sec Cali 2015 CTF
62nd Place Reddit's CTF 2015
13th Place DSLABS General April 2015
159th Place Boston Key Party 2015
"Best Linux Hacker" internal Wargame at Air Force Research Labs

2nd Place (Fall 2011) Michigan Tech ACM ICPC
2nd Place 3x (Spring 2012, Spring 2013, Spring 2014) Northern Michigan ACM ICPC
3rd Place Hackerrank September 2014 Gamathon

Most Likely to get the company sued, MongoDB Skunkworks (2015, 2016)
Stanly Skunk: First place overall, MongoDB Skunkworks (2016)
Most likely to be disqualified, MongoDB Skunkworks (2017)
1st Bit.ly "Hacked to the future" Best use of Bit.ly API. Stick-It content generation
5th Tech Hacks Programming Competition Sylvia Plath Artificial Intelligence

Artificial Intelligence:
1st place at Barracuda College Programming Competition 2014
2nd Place (Spring 2012) Michigan Tech's BonzAI Brawl Programming Competition Spring 2011 Spring 2012