user avatar
Perri Adams
@perribus
@Dartmouth ISTS Fellow & @SAISHopkins Adjunct Prof., inter alia. Former @DARPA, @DEFCON CTF, etc. @DistrictCon, @hexacon_fr, @LABScon_io CFP Review Boards
From one Washington to another
Joined May 2011
987
Following
6,596
Followers
Posts
  • Pinned
    user avatar
    Perri Adams
    @perribus
    May 20, 2025
    Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux. For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have
    user avatar
    Tavis Ormandy
    @taviso
    Feb 14, 2023
    Replying to @taviso
    If someone get a working OpenSSH exploit from this bug, I'm switching my main desktop to Windows 98 😂 (this bug was discovered by a Windows 98 user who noticed sshd was crashing when trying to login to a Linux server!)
    52K
  • user avatar
    Perri Adams
    @perribus
    Apr 20, 2024
    The kids are alright
    user avatar
    Saagar Jha
    @_saagarjha
    Apr 19, 2024
    Proving once again that Minecraft exploits are fundamentally more interesting than the ones targeting software people actually care about (and definitely being better for civil society): github.com/spawnmason/ran…
    129K
  • user avatar
    Perri Adams
    @perribus
    Jun 14, 2022
    Some professional news: I’ve recently become a @DARPA Program Manager. I’m incredibly excited to work with the research community to explore the cutting edge in computer security! darpa.mil/staff/ms-perri…
  • user avatar
    Perri Adams
    @perribus
    Aug 9, 2023
    I’m excited to announce the AI Cyber Challenge, a major, two-year @DARPA competition challenging the best and the brightest in cybersecurity and AI to secure the systems on which all American rely. aicyberchallenge.com
    85K
  • user avatar
    Perri Adams
    @perribus
    Jan 28, 2022
    Some personal? professional? news: I'm extremely excited to set sail with the Nautilus Institute as we embark on our voyage as the newest organizers of @defcon CTF. defcon.org
    user avatar
    Nautilus Institute
    @Nautilus_CTF
    Jan 28, 2022
    What's your favorite kind of shell?
  • user avatar
    Perri Adams
    @perribus
    Sep 25, 2022
    Great blog post on exploiting Qualcomm Secure Execution Environment (QSEE) on Android The discussion of mitigations and general attack pattern pairs nicely with this ‘17 NDSS paper “BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments” sites.cs.ucsb.edu/~chris/researc…
    user avatar
    Tamir Zahavi-Brunner @[email protected]
    @tamir_zb
    Sep 14, 2022
    New blog post :) A pretty unique Android vulnerability I found, which allowed me to exploit the kernel by using the TrustZone. This helped me bypass all kernel security mitigations and create a super reliable exploit. tamirzb.com/attacking-andr…
  • user avatar
    Perri Adams
    @perribus
    Aug 15, 2022
    Thanks to all of the @defcon CTF players, not just for all of your hard work but for your patience & understanding as we worked through our infra issues, which were significant this year. I’m so grateful to the entire CTF community & looking forward to a smoother CTF next year.
  • user avatar
    Perri Adams
    @perribus
    Aug 26, 2023
    A few links for getting into CTF: pwn.college from @shellphish has lectures and challenges with great interactive environments—a fantastic set of resources. In addition, highly recommend picoctf.org from @PlaidCTF and github.com/RPISEC/MBE from @RPISEC
    user avatar
    Ryan Naraine
    @ryanaraine
    Aug 25, 2023
    I asked DEF CON CTF organizer Perri Adams about the make-up of a good capture-the-flag player and for recommendations for someone now getting started @perribus
    00:00
    25K
  • user avatar
    Perri Adams
    @perribus
    May 29, 2023
    gg! Thanks for playing this year's @defcon Capture the Flag Qualifiers. Congrats to top 12 teams -- we'll see you in Las Vegas in August!
    36K
  • user avatar
    Perri Adams
    @perribus
    Aug 17, 2022
    Unfortunately, I left DEF CON with one souvenir I was hoping to avoid. Heads-up for the folks I saw during and after the CTF.
  • user avatar
    Perri Adams
    @perribus
    Feb 1, 2022
    Hey, Ed, the folks in your replies are right. The app is absolutely suspect but Jonathan’s claims go far beyond anything there’s evidence for and he’s demonstrated that he doesn’t understand the technology. Jonathan is a known charlatan to computer security experts.
  • user avatar
    Perri Adams
    @perribus
    Sep 10, 2022
    Delayed 3 weeks due to COVID, but had a fantastic birthday. Grateful to have such amazing friends and colleagues.
  • user avatar
    Perri Adams
    @perribus
    Sep 24, 2022
    Grabbed a copy of Rootkits and Bootkits from @matrosov’s talk at #LABScon22 but only had it signed by 2/3 authors. Luckily, I know where to find @sergeybratus
  • user avatar
    Perri Adams
    @perribus
    May 19, 2022
    I don’t understand how people code live on video (eg @gamozolabs) I’ve reintroduced the same bug three times in the last two days and each instance took 20 minutes of debugging to find out I’d…unfixed the same thing as before