Steven C. Hanna, PhD

I am a Principal Research Engineer at ZeroFOX as of August 2017. I'm the Tech Lead for the Threat Intelligence Engineering group.

I was a Senior Engineer at RiskIQ from October 2014 until June 2017. I worked on the backend data services team providing data enrichment to improve the quality of our products. JavaScript features and profiling, internet wide port scanner and banner grabber, to list a few among among many projects.

I was the Lead Research Scientist for Appthority from September 2012 to September 2014, where I worked on static binary analysis and dynamic analysis of mobile applications including iOS and Android.

I received my Ph.D. in Computer Science at the University of California Berkeley. I was supported by the National Science Foundation Graduate Fellowship and advised by Dawn Song. I received my Master of Science in Computer Science from University of California Berkeley and my Bachelor of Science in Computer Engineering with honors and the James Scholar distinction from the University of Illinois at Urbana-Champaign.

I like engineering, I like security and I usually engineer security-related products, though I've worked on multitudes of engineering problems and their solutions. I'm passionate about designing and implementing awesome products and I get a lot of satisfaction out of improving the lives of users, either directly or indirectly. I get particularly excited about being able to engineer solutions that expand my analytical toolbox into all fields of computer science: operating systems, programming languages, compilers and program analysis to machine learning. I firmly believe that the greatest security solutions come from the broadest view of the potential paths to explore.

Publications, Papers and Presentations

Steven Hanna. Attacks on Emerging Architectures. Dissertation. Technical Report. Summer 2012.

Steven Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen and Dawn Song Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications. DIMVA 2012.

Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner. A Survey of Mobile Malware in the Wild. ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011.

Steven Hanna, Rolf Rolles, Andre ́s Molina-Markham, Pongsin Poosankam, Kevin Fu, Dawn Song. Take two software updates and see me in the morning: The Case for Software Security Evaluations of Medical Devices. Slides. Usenix Health Security 2011. This work is in collaboration with the Medical Device Security Center and made possible by medical devices provided by the Open Medical Device Research Library.

Adrienne Porter Felt, Erika Chin, Steven Hanna, Dawn Song, and David Wagner. Android Permissions Demystified. ACM CCS 2011.

Adrienne Porter Felt, Helen Wang, Alex Moshchuk, Steven Hanna, and Erika Chin. Permission Re-Delegation: Attacks and Defenses. Usenix Security 2011.

Heng Yin, Pongsin Poosankam, Steven Hanna, Dawn Song. HookScout: Proactive Binary-Centric Hook Detection. DIMVA 2010.

Steven Hanna, Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena, Dawn Song. The Emperors New APIs: On the (In)Secure Usage of New Client-side Primitives. Web 2.0 Security and Privacy 2010 (W2SP). Slides.

Prateek Saxena, Devdatta Akhawe, Steven Hanna, Feng Mao, Stephen McCamant and Dawn Song. A Symbolic Execution Framework for JavaScript. IEEE Security and Privacy 2010. This paper won the ATT Award for Best Applied Security Research Paper 2010!!!

Prateek Saxena, Steven Hanna, Pongsin Poosankam, Dawn Song. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. NDSS 2010.

Min Gyung Kang, Heng Yin Steven Hanna, Stephen McCamant, and Dawn Song. Emulating emulation-resistant malware. VMSec '09: Proceedings of the 1st ACM workshop on Virtual machine security.

David Nicol, Steven Hanna, William Sanders and Frank Stratton. Modeling and Analysis of Worm Defense Using Stochastic Activity Networks. Symposium on Simulation Software Security (SSSS'07) .

Steven Hanna, David Nicol. Exploring the Behavior of Flash Worms on a Large Topology. Proceedings of the Undergraduate Research Symposium, University of Illinois Urbana Champaign 2006 .

Steven Hanna, David Nicol. Implementation and Instrumentation of a Flash-Worm. Proceedings of the Deterlab Workshop 2006 .

Steven Hanna. Shellcoding for Linux and Windows Tutorial. White paper, 2004. In use/used by CS498, Cyber Security Lab at UIUC, CS38 Security and Privacy at Dartmouth, as well as being widely regarded as an excellent source for learning shellcoding.

older project and presentations

Shellcoding for Linux and Windows Tutorial by Steven Hanna

perpetually perpetuating

higher than a bird's hat

le docteur de rien

quod est inferius est sicut quod est superius, et quod est superius est sicut quod est inferius, ad perpetranda miracula rei unius.