Hunter A. Dyer

Security Researcher II — Microsoft

• Conducted reverse engineering of zero-day vulnerabilities to identify root causes and exploitation primitives.
• Developed minimized proof-of-concept exploits to validate exploitability and assess real-world impact.
• Authored customer-facing technical vulnerability analyses and detection guidance, including IOCs and YARA signatures.
• Represented the security organization during incident response, partnering with engineering to drive effective mitigation implementation.
• Bridged security research and engineering teams to translate findings into actionable remediation strategies.
• Conducted root cause and exploitability assessment during vulnerability triage to determine real-world impact and mitigation urgency.

Cybersecurity R&D — Sandia National Laboratories

• Conducted low-level system binary analysis, reverse-engineering, and vulnerability research through the use of user-mode and kernel-mode debuggers, disassemblers, and decompilers.
• Gained a deep understanding of Microsoft's Virtualization-Based Security (VBS) protections and features to ensure customer security requirements were met.
• Led vulnerability assessments of desktop, backend, and web applications which resulted in identifying multiple vulnerabilities including an authentication bypass, XSS vectors, information leaks, security misconfigurations, and other OWASP Top 10 vulnerabilities.
• Led threat modeling and risk analysis processes to guide vulnerability assessments and recommendations of vulnerability remediation options.
• Developed and maintained research and analysis tooling.
• Guided teams' technical efforts and research directions through multiple software assessments while continuing to make impactful technical contributions.
• Routinely communicated team progress and results to stakeholders through oral and written communications at varying levels of technical detail.

Android Security Researcher — UIUC & GWU

• Conducted large-scale empirical analysis of Android applications across official and unofficial distribution platforms to measure prevalence of tampering and repackaging.
• Performed reverse engineering, static and dynamic analysis of Android COVID-19 contact tracing applications to identify privacy and security weaknesses.
• Designed tooling to automate dataset generation and vulnerability analysis workflows.
• Evaluated security controls against NIST, FedRAMP, and C5 frameworks.

University of Illinois at Urbana-Champaign

University of Illinois at Urbana-Champaign

Awareness, Intention, (In)Action: Individuals' Reactions to Data Breaches.
ACM Transactions on Computer-Human Interaction (TOCHI), 2023.
Peter Mayer, Yixin Zou, Byron M. Lowens, Hunter A. Dyer, Khue Le, Florian Schaub, Adam J. Aviv.

Enabling User-Centered Privacy Controls for Mobile Applications: COVID-19 Perspective.
ACM Transactions on Internet Technology (TOIT), 2021.
Tanusree Sharma, Hunter A. Dyer, Masooda Bashir.

Mapping Risk Assessment Strategy for COVID-19 Mobile Apps' Vulnerabilities.
Lecture Notes in Networks and Systems (LNNS), 2021.
Tanusree Sharma, Hunter A. Dyer, Roy H. Campbell, Masooda Bashir.

"Someone Definitely Used 0000": Strategies, Performance, and User Perception of Novice Smartphone-Unlock PIN-Guessers.
Proceedings of the European Symposium on Usable Security (EuroUSEC), 2023.
Daniel V. Bailey, Collins W. Munyendo, Hunter A. Dyer, Miles Grant, Philipp Markert, Adam J. Aviv.