Jeff is a Senior Application Security Consultant at NCC Group who has contributed code to the Brakeman Rails Security Scanning tool. He’s perhaps best known in the Rails community for his whitepaper The Anatomy of a Rails Vulnerability in which he deeply explored remote code execution impacts of a “directory traversal” vulnerability in Rails. He’s also contributed several Rails-related attack modules to the Metasploit Framework. Recently, he has assisted the Rails team in review of security patches and advisories. Jeff has previously presented at Derbycon, Blackhat USA, Blackhat EU, Defcon, Thotcon, and others.
Jeff has presented at: