aaron - hacker, researcher, reverse engineer
aaron [--reverser]
aaron [--exploiter]
aaron [--presenter]
aaron [--educator]
aaron [--author]
aaron [--commentator]
aaron [--guest]
Aaron Portnoy is a security researcher, reverse engineer, speaker, and educator.
This page serves as a minimalist reference to his work and interests.
--reverser
Research interests lie in reverse engineering with a focus on deriving structure, semantics, and intent from opaque software systems. This includes analysis of binaries, firmware, and complex control flows across diverse architectures. Created the IDA Pro plugin toolbag to support these efforts, and regularly presents on reverse engineering methodologies and applied tooling. This work has yielded the discovery and disclosure of a large number of vulnerabilities in commercial software across a wide range of products and vendors.
--exploiter
Research and practical work in exploitation focuses on the development of reliable, high-impact techniques for vulnerability exploitation across diverse targets. Areas of emphasis include memory corruption, logic flaws, and the systematic bypassing of modern mitigations. Published in Phrack, and has authored or co-authored several high-profile exploits demonstrated at industry conferences and in real-world security assessments.
--presenter
Has delivered over 30 invited talks across global stages, including Black Hat, USENIX, Recon, Microsoft BlueHat, and the NSA Distinguished Speaker Series. Presentation topics have spanned reverse engineering methodologies, economic drivers of zero-day trade, large-scale vulnerability discovery, and exploit automation. Recognized by academic institutions such as NYU and Dartmouth for his contributions to offensive computing education. His work has also been featured on the cover of TIME Magazine and referenced in numerous university-level curricula.
--educator
Actively engaged in cybersecurity education across academic, government, and industry contexts. Designed and delivered lectures on reverse engineering and vulnerability analysis at Dartmouth College and Norwich University, and served as a guest speaker at institutions including NYU and the National Security Agency. Led technical trainings at global security conferences such as REcon and CanSecWest, including multi-day workshops on vulnerability discovery and exploitation. Instruction emphasizes practical methodology, foundational theory, and emerging offensive techniques relevant to both students and professionals.
--author
Has authored and co-authored technical work spanning vulnerability research, exploitation techniques, and AI security. Published in Phrack, IEEE Security & Privacy, and peer-reviewed academic proceedings including ACM FSE and USENIX WOOT. Additional applied research published through IBM X-Force and the Network Security journal.
--commentator
Regularly sought as a subject matter expert by major media outlets on topics spanning zero-day markets, AI security, and offensive research. Has been quoted or featured in TIME, Wired, Forbes, Reuters, the BBC, the Wall Street Journal, and Ars Technica, among others.
--guest
Appears as a guest on podcasts and interview series covering cybersecurity, AI risk, and the economics of vulnerability research. Topics range from the history of exploit development and Pwn2Own to the emerging threat landscape for AI-powered systems.
The Emperor's New Guardrails (AI Accelerator Institute CISO Summit; New York, NY)Offense and Defense in an Era of Systemic Asymmetry: Why the Old Model No Longer Holds (Keynote, Ekoparty; Miami, FL)Probabilities, Vulnerabilities, and Psychometrics (Boston Security Meetup; Boston, MA)Log4j | CVE-2021-44228 Webinar (Randori & GreyNoise; Online)Choose Your Own Adventure: A Career Guide to InfoSec (BSides Austin; Austin, TX)Panel: Exodus and Fortiguard (Fortinet GPC Cruise; Haiti)The Economics of Vulnerabilities (Worcester Economic Club; Worcester, MA)Bypassing All of the Things (Summercon; New York, NY)Bypassing All of the Things (Nordic Security Conference; Reykjavik, Iceland)The IDA Toolbag (Recon; Montreal, QC)Toolbag (Nordic Security Conference; Reykjavik, Iceland; w/ Brandon Edwards)The Busticati 0xC Step Program to Program Recovery (Summercon; New York, NY)I heard you like reversing (Hackito Ergo Sum; Paris, France)Black Box Auditing Adobe Shockwave (CanSecWest; Vancouver, BC)Black Box Auditing Adobe Shockwave (PacSec; Tokyo, Japan)The Economics of Vulnerabilities (Hack in the Box; Amsterdam, Netherlands)The Vulnerability Disclosure Debate Continues (RSA; San Francisco, CA)Experiments using IDA Pro as a data store (Ekoparty; Buenos Aires, Argentina)Reverse Engineering 101 (Guest Lecture, NYU Polytechnic; Brooklyn, NY)Reversing Microsoft DirectShow (YSTS; São Paulo, Brazil)Exploiting Online Games (RSA; San Francisco, CA)Reverse Engineering Dynamic Language Multiplayer Online Games (BA-Con; Buenos Aires, Argentina)Reverse Engineering Dynamic Languages (Recon; Montreal, QC)Reverse Engineer's Cookbook (Toorcon; Seattle, WA)Reverse Engineering Python Applications (USENIX Workshop on Offensive Computing; San Jose, CA)RPC Auditing Tools and Techniques (DeepSec; Vienna, Austria)RPC Auditing Tools and Techniques (Toorcon; Seattle, WA)Advanced Fuzzing with Sulley (Blackhat Japan; Tokyo, Japan)Fuzzing Sucks! (Blackhat; Las Vegas, NV)Fuzzing Sucks! (Microsoft Bluehat; Redmond, WA)Exploitation: Past, Present, and Future (National Security Agency; Fort Meade, MD)From Kill Chain to Kill Cycle (Mindgard, 2026)When Configuration Becomes Code: The Hidden Execution Layer in AI Development Tools (Mindgard, 2026)Forced Descent: Google Antigravity Persistent Code Execution Vulnerability (Mindgard, 2026)The Missing First Step in AI Security Testing: Reconnaissance (Mindgard, 2026)TheLibrarian.io's AI Security Is Checked Out, and Their Disclosure Response Is Overdue (Mindgard, 2025)Zed IDE Vulnerabilities & Coordinated Disclosure (Mindgard, 2025)Inside OpenAI Sora 2: Uncovering System Prompts Driving Multi-Modal LLMs (Mindgard, 2025)From Prompt to Pwn: Cline Bot AI Coding Agent Vulnerabilities (Mindgard, 2025)BinPool: A Dataset of Vulnerabilities for Binary Security Analysis (ACM FSE, 2025)MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis (IBM X-Force)Adobe Shockwave - A Case Study on Memory Disclosure (Phrack, Issue 69)Pwn2Own Wrap Up and Analysis (Network Security, 2010)Walking on Water: A Cheating Case Study (IEEE Security & Privacy, 2009)Reverse Engineering Python Applications (USENIX WOOT, 2008)The Real AI Security Risk Isn't Data Leakage—It's What Your Agents Can Do (Forbes)AI Doctor's Assistant Swayed to Change Scrips, Researchers Find (The Register)Exclusive: Researchers Trick a Bot That Prescribes Meds (Axios)Google AI Coding Tool Antigravity Was Hacked A Day After Launch (Forbes)Mindgard Finds Sora 2 Vulnerability Leaking Hidden System Prompt via Audio (Hackread)Windows Admins Warned to Patch Critical MSMQ QueueJumper Bug (BleepingComputer)IBM Acquires Offensive Security Startup Randori to Bolster Its Cybersecurity Toolkit (TechCrunch)Hackers Are Actively Exploiting Big-IP Vulnerability with a 9.8 Severity Rating (Ars Technica)Tech Giants Microsoft, Amazon and Others Warn of Widespread Software Flaw (WSJ, paywalled)Firm Held Onto Palo Alto VPN Zero-Day for 11 Months (BankInfoSecurity)Massive Zero-Day Hole Found in Palo Alto Security Appliances (Threatpost)Aaron Portnoy – 'There's no silver bullet for ransomware or supply chain attacks' (The Daily Swig)Crack'n'hack Stack Phrack's Back, Jack! (The Register)Exploit Dealer: Snowden's Favourite OS Tails Has Zero-Day Vulnerabilities Lurking Inside (Forbes)The Cycle (MSNBC, July 10, 2014)Zero-Day Flaws in Tails Aren't for Sale, Vulnerability Broker Says (InfoWorld)Zero-day Broker Exploits Vulnerability in I2P to De-anonymize Tails Users (Computerworld)World War Zero: How Hackers Fight to Steal Your Secrets (TIME)Expert Walks Worcester Through the Economics of Internet Secrets (Worcester Business Journal)Info security expert to address Worcester group (Worcester Business Journal)The business of cyberwar (Thought Leader)With Millions Paid in Hacker Bug Bounties, Is the Internet Any Safer? (Wired)Portrait of a Full-Time Bug Hunter — Abdul-Aziz Hariri (Wired)Power Station, Airport SCADA Defences 'Dead as a Dodo' (The Register)Bored Researcher Easily Finds Two Dozen SCADA Security Holes (NBC News)Researcher Finds Over 20 Vulnerabilities in SCADA Security Software (Computerworld)Former Zero Day Initiative Researchers Form New Firm Exodus Intelligence (Threatpost)Chrome Owned by Exploits in Hacker Contests, But Google's $1M Purse Still Safe (Wired)Researchers Throw Down Vulnerability-Disclosure Gauntlet (Dark Reading)Life as a Bug Hunter (BBC)BlackBerry Cracked in Hacking Contest (Dark Reading)iPhone Falls in Pwn2Own Hacking Contest (Reuters)Are Vulnerability Disclosure Deadlines Justified? (Idaho National Laboratory, 2011)More High-Severity Flaws Haunt Adobe Software (ZDNet)Hacking Online Games: A Widespread Problem (CNET)HP patches OpenView vulnerabilities (Reuters)Aaron Portnoy on Pwn2Own, the End of Easy Bugs, and AI-Fueled Offense (The Three Buddy Problem)He Started Hacking at 15. Now He's Predicting the Biggest AI Security Breach of 2026. (Wake UP X Podcast)Aaron Portnoy || From Pwn2Own to Pwning AI (Adventures of Alice and Bob Podcast)CVE-2026-41153CVE-2026-0612CVE-2026-0613CVE-2026-0615CVE-2026-0616CVE-2025-68432CVE-2025-68433Eclipse Theia MCPClineClineClineClineAiderCVE-2021-3064CVE-2017-13997CVE-2017-14024CVE-2017-8022CVE-2013-0657CVE-2013-0658CVE-2012-4704CVE-2012-4705CVE-2012-4706CVE-2012-4707CVE-2012-4708CVE-2012-2288CVE-2012-0121CVE-2012-0122CVE-2012-0123CVE-2012-0124Oracle CPUCVE-2011-4185CVE-2012-0774CVE-2012-1182CVE-2012-0549TPTI-12-01CVE-2011-0335CVE-2011-0555CVE-2011-0556CVE-2011-0569CVE-2011-2111CVE-2011-2116CVE-2011-0862TPTI-11-13TPTI-11-15CVE-2010-2866CVE-2010-2867CVE-2010-2870CVE-2010-2874CVE-2010-2877CVE-2010-2878CVE-2010-2879CVE-2010-4188CVE-2010-4189CVE-2010-3106CVE-2010-3107CVE-2010-4316CVE-2010-4317CVE-2010-4319CVE-2010-4385CVE-2010-4390CVE-2010-4294CVE-2010-0034CVE-2010-0898TPTI-10-01TPTI-10-03TPTI-10-05TPTI-10-07CVE-2009-3846CVE-2009-4176CVE-2009-4177CVE-2009-4178CVE-2009-4179CVE-2009-4180CVE-2009-4181CVE-2009-1539CVE-2009-0909CVE-2009-0910CVE-2009-1544CVE-2008-4030CVE-2008-4031CVE-2008-3479CVE-2008-2468CVE-2008-0027CVE-2008-0033CVE-2007-6242CVE-2007-6026CVE-2007-5082CVE-2007-5083CVE-2007-5084CVE-2007-5323CVE-2007-2417CVE-2007-2280CVE-2007-2279CVE-2007-1868CVE-2007-1862CVE-2007-1676CVE-2007-1674CVE-2007-1070CVE-2006-5820CVE-2007-0754CVE-2007-3566CVE-2007-4827CVE-2006-5782CVE-2006-6334Mindgard - Chief Product Officer
Leading product strategy and vision for Mindgard's AI security platform, driving the roadmap for automated red-teaming and adversarial AI testing solutions.
Mindgard - Head of Research & Innovation
Defining strategy and overseeing research efforts to build the world's most advanced automated red-teaming solution for AI systems.
Dartmouth College - Hacker Fellow
Appointed to advise the Institute for Security, Technology, and Society on offensive security strategy, AI safety, and public-interest technology. Provides guidance on cross-disciplinary research initiatives involving machine learning, secure systems, and vulnerability discovery.
Dartmouth College - Hacker-in-Residence
Bridges academia and industry through mentorship, research collaboration, and curriculum development. Designed and taught courses on reverse engineering and software exploitation, and advised the formation of a student-led cybersecurity group.
IBM - Program Director
Directed applied research within a global security software organization. Led development of novel exploitation tools, resulting in measurable improvements across product lines. Defined strategic direction for SaaS security offerings, aligning research efforts with enterprise-scale impact.
Randori - Director of R&D
Led research and development through the company’s hypergrowth phase, culminating in an acquisition by IBM. Directed zero-day vulnerability discovery efforts and introduced attack emulation frameworks that influenced industry understanding of Attack Surface Management.
Boldend - Director of Research
Directed internal research on offensive capabilities with an emphasis on wireless exploitation and threat prototyping. Bridged the gap between R&D and strategic planning by aligning low-level vulnerability research with product and client needs.
Raytheon - Sr. Principal Cyber Engineer
Served as senior technical lead within a cleared offensive programs division. Delivered zero-day tooling integrated into defense systems and introduced efficiency-focused exploitation methodologies that accelerated project timelines.
Exodus Intelligence - Co-Founder & CTO
Co-founded and scaled a commercial zero-day vulnerability intelligence provider. Delivered original research to elite clients including government and defense agencies, and led discovery efforts resulting in dozens of critical vulnerability disclosures.
Zero Day Initiative - Manager, Security Research
Led the world’s largest vendor-agnostic vulnerability acquisition program. Created and judged the Pwn2Own competition, influencing industry patch cycles and responsible disclosure policies adopted globally by major vendors.
Email: aaron@aaronportnoy.com
GitHub: aaronportnoy