Max Vohra
Hardware Security Specialist

Employment History

Employer
Deja vu Security
Field
Security Consulting
Role
Senior Security Consultant
Date
August 2014January 2018

At Deja vu Security I performed a number of strategic projects for clients, with successful attacks against Kernels, Hypervisors, BIOS System Management RAM, Cryptographic Implementations and SCADA Networks.

Employer
Self Employed
Field
Managed Services, Secure Development
Role
IT Security Consultant
Date
November 2013October 2014

In late 2013, I left Security Innovation to travel. During this time I offered independent Secure Development, Penetration Testing, and Security Consultation.

Employer
Security Innovation
Field
Security Consulting
Role
Security Engineer
Date
June 2011November 2013

During my years at Security Innovation provided Application Security Testing and Code Review to dozens of Fortune 500 firms.

Employer
Megapath
Field
Managed Services
Role
Security Operations Center Engineer
Date
January 2010June 2011

Operated within a team which offered managed VPN security services for Fortune 500 Companies. In working here I learned a great deal about corporate client management and procedures.

Employer
Spry/VPSLink Hosting
Field
Web Hosting
Role
Linux System Administrator
Date
June 2006July 2009

It was here that I first cut my teeth into the business end of technology. I was with this company when it was a small 15 person team. I frequently came to the aid of clients who had had their servers compromised. After restoring their server, I would give them advice on how stay secure in the future. I did not yet know how these simple actions would snowball into my current career and passion.

Application Auditing Experience

Languages
  • C
  • C++
  • C#
  • Objective C
  • Java
  • Swift
  • Go
  • Rust
  • Javascript
  • Actionscript
  • Scala
  • Ruby
  • Python
  • PHP
Environments
  • Android
  • iOS
  • Xen
  • KVM
  • VMWare
  • Rails
  • Node.JS
  • ASP.NET
  • Spring
  • Struts
  • JBoss
  • ActiveMQ
Databases
  • Oracle
  • Microsoft SQL Server
  • MySQL
  • PostgreSQL
  • Redis
Reverse Engineering
  • Dalvik Disassembly (Android)
  • Java
  • .NET (C#,VB.NET)
  • ASM (Intel x86, ARM, Hexagon)
  • Network Protocols

Projects

See https://www.seattlenetworks.com/projects for a complete listing

Looper (Released)

A protocol agnostic and highly flexible unit testing framework written in python.

Cellphone Baseband Reversal and Research (Private pending review)

This research aims to unbury the secrets of the baseband, which is currently masked from deep research by a layer of security through obscurity

Language Abstracted Static Analysis Tool (PoC)

This tool which will allow a human to quickly query a codebase for hard to find vulnerabilities, utilizing a query language similar to XPATH. The end goal is for a language abstracted tool which has various feature modules depending on the capabilities of the language.

PCI Device auditing tool (PoC)

This tool enables rapid implementation and development of tests against memory mapped devices.