Tom Palarz

Tom Palarz is a Principal Security Researcher at Veracode. His primary research focus is on static analysis of languages and frameworks. He also has a bit of a knack for embedded systems and low level tech. Prior to joining Veracode, he spent several years building software and then several years breaking it. In his current role, he is helping developers and security folks alike build more secure software.
Posts by Tom Palarz

Vegas Cons 2016 Wrap Up

August 18, 2016  | Research

In my earlier post, I gave my thoughts on what the trends were so far part way through the set of conferences last week (BSidesLV, Blackhat, and DefCon24). In this post, I wrap up my thoughts for the week’s conferences. There were several great talks I missed at BSides this year. Two in particular were ones I’m bummed I missed: one on FOIA requests [] (given... READ MORE

Crypto Fun at Black Hat 2016

August 9, 2016  | Research

This year’s Black Hat Briefings included many outstanding talks; being a bit of a crypto geek, the one that particularly piqued my interest was the practical forgery attack on the Galois/Counter Mode (GCM) mode of operation: Nonce Disrespect (slides [pdf], paper [pdf], example code) GCM is an authenticated encryption mode where authentication and ciphering are done in one pass across a... READ MORE

DEF CON 24: Day One

August 8, 2016  | Research

DEF CON is at a new venue since my last visit (two years ago), and I have to give props to the conference staff for all the hard work they’ve put in. Lines to get to talks and villages are still incredibly long as ever, and make it hard to justify the time to wait and missing out on something else. Some trends I’m noticing so far: The car hacking industry is maturing a bit with... READ MORE



contact menu