Steve C. Hanna, PhD
Research Scientist

I am a Principal Research Engineer at ZeroFOX as of August 2017.

I was a Senior Engineer at RiskIQ from October 2014 until June 2017. I worked on the backend data services team providing data enrichment to improve the quality of our products. JavaScript features and profiling, internet wide port scanner and banner grabber, to list a few among among many projects.

I was the Lead Research Scientist for Appthority from September 2012 to September 2014, where I worked on static binary analysis and dynamic analysis of mobile applications including iOS and Android.

I received my Ph.D. in Computer Science at the University of California Berkeley. I was supported by the National Science Foundation Graduate Fellowship and advised by Dawn Song. I received my Master of Science in Computer Science from University of California Berkeley and my Bachelor of Science in Computer Engineering with honors and the James Scholar distinction from the University of Illinois at Urbana-Champaign.

Primarily, I am interested in computer security through the lens of program analysis and systems building. My expertise lies in building systems to evaluate and solve complex security problems in mobile security, medical devices, and web browsers, using program analysis and quantitative analysis techniques. I enjoy the challenge of expanding my analytical toolbox into all fields of computer science: programming languages and compilers to machine learning and even probabilistic modeling. I firmly believe that the greatest (security) solutions come from the broadest view of the potential paths to explore. I generally enjoy working problems in mobile computing, web browsers and health security, but really, I like exploring all kinds of big ideas and coming up with amazing, innovative solutions to some of the toughest problems facing computing today.

Publications, Papers and Presentations

Steve Hanna. Attacks on Emerging Architectures. Dissertation. Technical Report. Summer 2012.

Steve Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen and Dawn Song Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications. DIMVA 2012.

Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, and David Wagner. A Survey of Mobile Malware in the Wild. ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011.

Steve Hanna, Rolf Rolles, Andre ́s Molina-Markham, Pongsin Poosankam, Kevin Fu, Dawn Song. Take two software updates and see me in the morning: The Case for Software Security Evaluations of Medical Devices. Slides. Usenix Health Security 2011. This work is in collaboration with the Medical Device Security Center and made possible by medical devices provided by the Open Medical Device Research Library.

Adrienne Porter Felt, Erika Chin, Steven Hanna, Dawn Song, and David Wagner. Android Permissions Demystified. ACM CCS 2011.

Adrienne Porter Felt, Helen Wang, Alex Moshchuk, Steven Hanna, and Erika Chin. Permission Re-Delegation: Attacks and Defenses. Usenix Security 2011.

Heng Yin, Pongsin Poosankam, Steve Hanna, Dawn Song. HookScout: Proactive Binary-Centric Hook Detection. DIMVA 2010.

Steve Hanna, Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena, Dawn Song. The Emperors New APIs: On the (In)Secure Usage of New Client-side Primitives. Web 2.0 Security and Privacy 2010 (W2SP). Slides.

Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant and Dawn Song. A Symbolic Execution Framework for JavaScript. IEEE Security and Privacy 2010. This paper won the ATT Award for Best Applied Security Research Paper 2010!!!

Prateek Saxena, Steve Hanna, Pongsin Poosankam, Dawn Song. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. NDSS 2010.

Min Gyung Kang, Heng Yin Steve Hanna, Stephen McCamant, and Dawn Song. Emulating emulation-resistant malware. VMSec '09: Proceedings of the 1st ACM workshop on Virtual machine security.

David Nicol, Steve Hanna, William Sanders and Frank Stratton. Modeling and Analysis of Worm Defense Using Stochastic Activity Networks. Symposium on Simulation Software Security (SSSS'07) .

Steve Hanna, David Nicol. Exploring the Behavior of Flash Worms on a Large Topology. Proceedings of the Undergraduate Research Symposium, University of Illinois Urbana Champaign 2006 .

Steve Hanna, David Nicol. Implementation and Instrumentation of a Flash-Worm. Proceedings of the Deterlab Workshop 2006 .

Steve Hanna. Shellcoding for Linux and Windows Tutorial. White paper, 2004. In use/used by CS498, Cyber Security Lab at UIUC, CS38 Security and Privacy at Dartmouth, as well as being widely regarded as an excellent source for learning shellcoding.

older project and presentations

Shellcoding for Linux and Windows Tutorial by Steve Hanna
the chestnut (manhattan; formerly the ashby) -- the ashby drink is 2 parts bulleit bourbon, 1 part sweet vermouth, healthy amount of blood orange bitters, and 10ml herbally infused 151 (the herbal solute should be in its purest form).

perpetually perpetuating

le docteur de rien

quod est inferius est sicut quod est superius, et quod est superius est sicut quod est inferius, ad perpetranda miracula rei unius.