From Metasploit to Microsoft: Skape goes to Redmond

Summary:Metasploit developer Matt Miller, who for years frustrated Microsoft officials with the public release of Windows exploits, is heading to Redmond to join Microsoft's Security Science team.Miller, who uses the hacker moniker Skape,will work on improved ways to find security vulnerabilities and better software defenses through mitigations, according to an announcement by SDL guru Michael Howard.

Skape goes to Redmond
Metasploit developer Matt Miller, who for years frustrated Microsoft officials with the public release of Windows exploits, is heading to Redmond to join Microsoft's Security Science team.

Miller, who uses the hacker moniker Skape,will work on improved ways to find security vulnerabilities and better software defenses through mitigations, according to an announcement by SDL guru Michael Howard.

"Matt brings a massive amount of real-world exploit and defense experience to our team," Howard said, nothing that Miller has been focused on design review for Windows 7, the next major revision of the operating system.

[ SEE: Hacking with Metasploit on a Nokia N800 ]

Miller's work around exploiting -- and attempting to secure -- the Windows ecosystem is legendary.  In tandem with HD Moore, he has been one of the core developers on Metasploit, a free point-and-click pentest/attack tool, specializing in exploitation techniques/mitigations, reverse engineering, program analysis and modeling, rootkits and virtualization.

Over IM this morning, HD Moore said Miller designed a large chunk of the Metasploit 3 architecture, built the meterpreter payload system, and generally led the entire win32 shellcode improvement efforts.

"He has done some exploit work as well, but his focus was mostly on encoders, shellcode, and payloads," Moore said.  Miller was the third 'full-time' developer at Metasploit, having joined the volunteer group in mid-2004.

He is the author of several groundbreaking research papers, including techniques to bypass Windows Hardware-enforced DEP, improving software security analysis using exploitation properties and exploring the history of exploitation techniques (.pdf) and mitigations on Windows.

Miller is also an editor for the Uninformed Journal, a free online journal that focuses on encouraging the sharing of technical knowledge.

UPDATE: Over on Twitter, Dan Guido points out that Miller just open-sourced his WehnTrust HIPS project, which adds anti-exploit mechanisms/mitigations to Windows 2000, Windows XP and Windows Server 2003 systems.

Topics: Microsoft, CXO, IT Employment, Operating Systems, Software, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.