Resume

• Conducted reverse engineering of zero-day vulnerabilities to identify root causes and exploitation primitives.
• Developed minimized proof-of-concept exploits to validate exploitability and assess real-world impact.
• Authored customer-facing technical vulnerability analyses and detection guidance, including IOCs and YARA signatures.
• Represented the security organization during incident response, partnering with engineering to drive effective mitigation implementation.
• Bridged security research and engineering teams to translate findings into actionable remediation strategies.
• Conducted root cause and exploitability assessment during vulnerability triage to determine real-world impact and mitigation urgency.

• Conducted low-level system binary analysis, reverse-engineering, and vulnerability research through the use of user-mode and kernel-mode debuggers, disassemblers, and decompilers.
• Gained a deep understanding of Microsoft’s Virtualization-Based Security (VBS) protections and features to ensure customer security requirements were met.
• Led vulnerability assessments of desktop, backend, and web applications which resulted in identifying multiple vulnerabilities including an authentication bypass, XSS vectors, information leaks, security misconfigurations, and other OWASP Top 10 vulnerabilities.
• Led threat modeling and risk analysis processes to guide vulnerability assessments and recommendations of vulnerability remediation options.
• Developed and maintained research and analysis tooling.
• Guided teams’ technical efforts and research directions through multiple software assessments while continuing to make impactful technical contributions.
• Routinely communicated team progress and results to stakeholders through oral and written communications at varying levels of technical detail.

• Conducted large-scale empirical analysis of Android applications across official and unofficial distribution platforms to measure prevalence of tampering and repackaging.
• Performed reverse engineering, static and dynamic analysis of Android COVID-19 contact tracing applications to identify privacy and security weaknesses.
• Designed tooling to automate dataset generation and vulnerability analysis workflows.
• Evaluated security controls against NIST, FedRAMP, and C5 frameworks.

Awareness, Intention, (In)Action: Individuals’ Reactions to Data Breaches

Peter Mayer, Yixin Zou, Byron M. Lowens, Hunter A. Dyer, Khue Le, Florian Schaub, Adam J. Aviv — ACM Transactions on Computer-Human Interaction (TOCHI) (2023)

Enabling User-Centered Privacy Controls for Mobile Applications: COVID-19 Perspective

Tanusree Sharma, Hunter A. Dyer, Masooda Bashir — ACM Transactions on Internet Technology (TOIT) (2021)

Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities

Tanusree Sharma, Hunter A. Dyer, Roy H. Campbell, Masooda Bashir — Lecture Notes in Networks and Systems (LNNS) (2021)

“Someone Definitely Used 0000”: Strategies, Performance, and User Perception of Novice Smartphone-Unlock PIN-Guessers

Daniel V. Bailey, Collins W. Munyendo, Hunter A. Dyer, Miles Grant, Philipp Markert, Adam J. Aviv — Proceedings of the European Symposium on Usable Security (EuroUSEC) (2023)