From Metasploit to Microsoft: Skape goes to Redmond

Metasploit developer Matt Miller, who for years frustrated Microsoft officials with the public release of Windows exploits, is heading to Redmond to join Microsoft’s Security Science team.

Miller, who uses the hacker moniker Skape, will work on improved ways to find security vulnerabilities and better software defenses through mitigations, according to an announcement by SDL guru Michael Howard.

“Matt brings a massive amount of real-world exploit and defense experience to our team,” Howard said, noting that Miller has been focused on design review for Windows 7, the next major revision of the operating system.


Miller’s work around exploiting — and attempting to secure — the Windows ecosystem is legendary. In tandem with HD Moore, he has been one of the core developers on Metasploit, a free point-and-click pentest/attack tool, specializing in exploitation techniques/mitigations, reverse engineering, program analysis and modeling, rootkits and virtualization.

Over IM this morning, HD Moore said Miller designed a large chunk of the Metasploit 3 architecture, built the meterpreter payload system, and generally led the entire win32 shellcode improvement efforts.

“He has done some exploit work as well, but his focus was mostly on encoders, shellcode, and payloads,” Moore said. Miller was the third ‘full-time’ developer at Metasploit, having joined the volunteer group in mid-2004.

He is the author of several groundbreaking research papers, including techniques to bypass Windows hardware-enforced DEP, improving software security analysis using exploitation properties, and exploring the history of exploitation techniques and mitigations on Windows.

Miller is also an editor for the Uninformed Journal, a free online journal that focuses on encouraging the sharing of technical knowledge.

UPDATE: Over on Twitter, Dan Guido points out that Miller just open-sourced his WehnTrust HIPS project, which adds anti-exploit mechanisms/mitigations to Windows 2000, Windows XP and Windows Server 2003 systems.

[Source: zdnet]