Douglas McKee is a Principal Engineer and Senior Security Researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement. Doug is a regular speaker at industry conferences such as DEF CON.
Douglas McKee Blog FeedMore from Douglas McKee
Robot Character Analysis Reveals Trust Issues
Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every decision you make, is an OODA Loop.” OODA Loop? Observe–Orient–Decide–Act, the “OODA Loop” was originally developed by United States Air Force Colonel John Boyd and outlines that fundamentally all actions ...
Ripple20 Critical Vulnerabilities – Detection Logic and Signatures
This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the vulnerabilities. It is intended to serve as a joint research effort to produce valuable insights for network administrators and security personnel, looking to further understand these vulnerabilities to defend against ...
CurveBall – An Unimaginative Pun but a Devastating Bug
Enterprise customers looking for information on defending against Curveball can find information here. 2020 came in with a bang this year, and it wasn’t from the record-setting number of fireworks on display around the world to celebrate the new year. Instead, just over two weeks into the decade, the security ...
HVACking: Understanding the Delta Between Security and Reality
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated an industrial control system (ICS) produced by Delta Controls. The product, called “enteliBUS Manager”, is used for several applications, ...
‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product
Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn lights and appliances on and off and monitor them online? A “smart plug,” a Wi-Fi–connected electric outlet, is one simple method. But IoT ...
80 to 0 in Under 5 Seconds: Falsifying a Medical Patient’s Vitals
With the explosion of growth in technology and its influence on our lives, we have become increasingly dependent on it. The medical field is no exception: Medical professionals trust technology to provide them with accurate information and base life-changing decisions on this data.
Petya More Effective at Destruction Than as Ransomware
At the beginning of the recent Petya malware campaign, the world was quick to exclaim this attack was ransomware. Now, with time to analyze the facts and make comparisons to other ransomware campaigns, this Petya attack does not look so much like ransomware. To back up this claim, let’s examine ...
TinyNuke May be a Ticking Time Bomb
On March 12th, 2017 a low-profile developer uploaded to Github a mostly functional Botnet code named TinyNuke. The user, Aainz, uses his real name in connection with this code. It’s not unusual for security professionals or hobbyist to release proof of concept code to enable the industry to learn from ...
Ransomware Families Use NSIS Installers to Avoid Detection, Analysis
Malware families are constantly seeking new ways to hide their code, thwart replication, and avoid detection. A recent trend for the delivery of ransomware is the use of the Nullsoft Scriptable Install System (NSIS) with an encrypted payload. The list of the most common families using this technique is diverse and ...
