Ankit Patel

Coordinate applied research and maintenance efforts of two teams of highly skilled vulnerability researchers and software engineers. Known for fostering innovation, creativity, and mentoring the next generation of security researchers. Oversee several projects of varying time horizons to ensure customer needs are met immediately and in the future.

• Lead two teams of vulnerability researchers and software engineers to enable forensic data extraction
• Balance short-term vulnerability research with long-term, future-looking vulnerability research to ensure forensic extraction needs of local and federal law enforcement customers will continue to be satisfied into the future.
• Serve as collaborator of last resort for junior vulnerability researchers, providing mentorship and collaboration when skills or correspondents are lacking on the team.
• Promote core values of research collaboration and communication through hands-on vulnerability research with individual contributors.
• Developed internal importance measures using operations research enriched with live sales data to justify team resource allocation
• Hired, trained, and mentored vulnerability researchers

Hired, trained, and managed a team of vulnerability researchers to improve reliability and maintainability of offensive capabilities, including initial access, privilege escalation, and cryptanalysis. Balanced long term maintainability, risks to our capabilities, and customer needs to provide support to federal and law enforcement communities.

Specialized in discovering and refining software exploitation strategies, binary reverse engineering, source code auditing, proof-of-concept development, and system integration.

• Developed data driven analytics to iteratively improve forensic extraction reliability from access failures
• Built offensive capabilities for privilege escalation and cryptanalysis to support federal and local law enforcement communities
• Created career progression and training plans to develop a skills pipeline from exploit engineering to vulnerability research.
• Hired, trained, and mentored vulnerability researchers
• Coordinated maintenance efforts to ensure reliable customer experience when using our product.

• Directed research, design, and development efforts for macOS and iOS exploitation. Analyzed iOS for new vulnerabilities and investigated mitigation for patched vulnerabilities.

• Personally developed new tools and capabilities for macOS and iOS, including system survey tool to enable rapid fingerprinting of end-user systems and a dynamic code injection technique to add new functionality into software.

• Developed company-wide training course covering modern computer network exploitation and defense. Topics included:

  • Reverse engineering
  • ARM assembly
  • protocol exploitation
  • ARM/mobile software vulnerability analysis
  • software exploitation (ROP chain, type confusion, arbitrary read/write primitives, use after free, data only attacks)
  • remote administration tools (RAT/Implant) development
  • persistence techniques
  • malware detection and evasion techniques

• Lead a team of 6 engineers to provide quick response capabilities for customers. Project would span multiple platforms, including Windows, Linux, macOS, and Android, with turnaround times as short as two weeks.

• Personally developed custom remote management solutions to integrate embedded Linux devices, Linux servers, macOS systems, Windows systems, and Android devices into existing customer infrastructure while maintaining compliance with legal requirements and customer policies. This entailed writing the core software and developing custom secure installers to distribute customer’s software while maintaining control of intellectual property without compromising sensitive information.

• Developed an optimized fuzzing framework and targeted coverage-guided fuzzing tools to speed up and improve success rate of automated vulnerability analysis for Windows, Linux, and macOS. Wrote technical reports and proof of concept tools highlighting the severity of discovered vulnerabilities

• Reverse engineered remote administration tools for a full security audit of the application and its communications protocol to present detailed report on vulnerabilities, cryptographic shortcomings, and network signatures.

• Designed, developed, and presented demonstrations of offensive cyber operations capabilities to prospective customers, specifically showing how defensive tools can become targets for malicious activities.

• Drafted and reviewed contract Request for Proposals and Requests for Information responses for strategic business development initiatives leveraging technical knowledge and background.

• Initiated coordinated disclosure process after finding software vulnerabilities.
• Prototyped secure installer for Windows applications.
• Designed and implemented proprietary application layer protocol for embedded Linux systems.
• Formal training in Computer Network Operations, high performance computing, and cryptanalysis.

As a cooperative education student at the Department of Defense, I received hands on experience and training for computer network operations.

• Improved network reliability and simplified system administration tasks by developing custom tools.
• Developed plugin for proprietary Real-Time Operating System to support flash memory programming operations.
• Researched network testbed solution to enable large-scale application and protocol testing in conjunction with UMIACS researchers.

Analyzed various cryptographic schemes and algorithms as an applied introduction to Group Theory under the guidance of Dr. Gilbert Baumslag. Regular exercises included exploring alternate proofs seen primarily in number theory.