hi, i'm alan. security researcher

I’m a security researcher passionate about vulnerabilities, reverse engineering and architecting systems for security and privacy.

Professionally, I’ve worked with both big and small security organizations on threat and vulnerability research, including building effective static/dynamic analysis tools, and automating binary reverse engineering at scale. I currently work at Trail of Bits.

I also disclose vulnerabilities through bug bounties sometimes.

Notable Projects

Software projects I'm excited about and actively working on to share with the security community. Check out my GitHub to see all past work.

Fuzzable

Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured in Blackhat Arsenal USA 2022.

Dependency Guardian

GitHub bot for finding malicious backdoors in software dependencies.

microkv

Security-enhanced minimal key-value store.

Publications

  • A. Cao, B. Dolan-Gavitt - What the Fork? Finding and Analyzing Malware in GitHub Forks. NDSS Symposium, Workshop on measurements, attacks, and defenses for the web.
  • A. Kellas, A. Cao, P. Goodman, J. Yang - Divergent Representations: When Compiler Optimizations Enable Exploitation. IEEE S&P Workshop on Offensive Technologies