aaron - hacker, researcher, reverse engineer
aaron [--reverser]
aaron [--exploiter]
aaron [--presenter]
aaron [--educator]
Aaron Portnoy is a security researcher, reverse engineer, speaker, and educator.
This page serves as a minimalist reference to his work and interests.
--reverser
Research interests lie in reverse engineering with a focus on deriving structure, semantics, and intent from opaque software systems. This includes analysis of binaries, firmware, and complex control flows across diverse architectures. Created the IDA Pro plugin toolbag to support these efforts, and regularly presents on reverse engineering methodologies and applied tooling.
--exploiter
Research and practical work in exploitation focuses on the development of reliable, high-impact techniques for vulnerability exploitation across diverse targets. Areas of emphasis include memory corruption, logic flaws, and the systematic bypassing of modern mitigations. Published in Phrack, and has authored or co-authored several high-profile exploits demonstrated at industry conferences and in real-world security assessments.
--presenter
Has delivered over 30 invited talks across global stages, including Black Hat, USENIX, Recon, Microsoft BlueHat, and the NSA Distinguished Speaker Series. Presentation topics have spanned reverse engineering methodologies, economic drivers of zero-day trade, large-scale vulnerability discovery, and exploit automation. Recognized by academic institutions such as NYU and Dartmouth for his contributions to offensive computing education. His work has also been featured on the cover of TIME Magazine and referenced in numerous university-level curricula.
--educator
Actively engaged in cybersecurity education across academic, government, and industry contexts. Designed and delivered lectures on reverse engineering and vulnerability analysis at Dartmouth College and Norwich University, and served as a guest speaker at institutions including NYU and the National Security Agency. Led technical trainings at global security conferences such as REcon and CanSecWest, including multi-day workshops on vulnerability discovery and exploitation. Instruction emphasizes practical methodology, foundational theory, and emerging offensive techniques relevant to both students and professionals.
BinPool: A Dataset of Vulnerabilities for Binary Security Analysis (ACM International Conference on the Foundations of Software Engineering)Choose Your Own Adventure: A Career Guide to InfoSec (BSides Austin)The IDA Toolbag (Nordic Security Conference)The Busticati 0xC Step Program to Program Recovery (Summercon)I heard you like reversing (Hackito Ergo Sum)Black Box Auditing Adobe Shockwave (CanSecWest, PacSec)The Economics of Vulnerabilities (Hack in the Box)The Vulnerability Disclosure Debate Continues (RSA)Experiments using IDA Pro as a data store (Ekoparty)Reversing Microsoft DirectShow (YSTS)Exploiting Online Games (RSA)Reverse Engineering Dynamic Language Multiplayer Online Games (BA-Con)Reverse Engineering Dynamic Languages (Recon)Reverse Engineer's Cookbook (Toorcon)Reverse Engineering Python Applications (USENIX Workshop on Offensive Computing)RPC Auditing Tools and Techniques (DeepSec, Toorcon)Advanced Fuzzing with Sulley (Blackhat Japan)Fuzzing Sucks! (Blackhat, Microsoft Bluehat)Exploitation: Past, Present, and Future (National Security Agency)Dartmouth College - Hacker Fellow
Appointed to advise the Institute for Security, Technology, and Society on offensive security strategy, AI safety, and public-interest technology. Provides guidance on cross-disciplinary research initiatives involving machine learning, secure systems, and vulnerability discovery.
Dartmouth College - Hacker-in-Residence
Bridges academia and industry through mentorship, research collaboration, and curriculum development. Designed and taught courses on reverse engineering and software exploitation, and advised the formation of a student-led cybersecurity group.
IBM - Program Director
Directed applied research within a global security software organization. Led development of novel exploitation tools, resulting in measurable improvements across product lines. Defined strategic direction for SaaS security offerings, aligning research efforts with enterprise-scale impact.
Randori - Director of R&D
Led research and development through the company’s hypergrowth phase, culminating in an acquisition by IBM. Directed zero-day vulnerability discovery efforts and introduced attack emulation frameworks that influenced industry understanding of Attack Surface Management.
Boldend - Director of Research
Directed internal research on offensive capabilities with an emphasis on wireless exploitation and threat prototyping. Bridged the gap between R&D and strategic planning by aligning low-level vulnerability research with product and client needs.
Raytheon - Sr. Principal Cyber Engineer
Served as senior technical lead within a cleared offensive programs division. Delivered zero-day tooling integrated into defense systems and introduced efficiency-focused exploitation methodologies that accelerated project timelines.
Exodus Intelligence - Co-Founder & CTO
Co-founded and scaled a commercial zero-day vulnerability intelligence provider. Delivered original research to elite clients including government and defense agencies, and led discovery efforts resulting in dozens of critical vulnerability disclosures.
Zero Day Initiative - Manager, Security Research
Led the world’s largest vendor-agnostic vulnerability acquisition program. Created and judged the Pwn2Own competition, influencing industry patch cycles and responsible disclosure policies adopted globally by major vendors.
Email: aaron@aaronportnoy.com
GitHub: aaronportnoy