Eoin Carroll is a Principal Engineer and Senior Vulnerability Researcher on the McAfee Advanced Threat Research team, focused on researching the trustworthiness of emerging computing platforms and protocols. He also analyzes critical industry vulnerabilities and innovates advanced threat defenses.

He has 20 years of diverse experience, from electronic engineering to a variety of offensive and defensive security roles. For the first decade of his career he worked as an electronic engineer in both the semiconductor and medical device industries, gaining a wealth of engineering and risk experience. During the second decade he has been building his career in platform security through Product Security, reverse engineering critical industry vulnerabilities and designing exploit protections. In addition, he has lead Product Security teams, mentored many Product Security Engineers/Architects, supported local universities to keep their security curriculum relevant to industry needs and regularly speaks at universities and STEM events to inspire the next generation of security talent.

He is very passionate about analyzing the security models of emerging platforms and protocols against the current and future threat landscape.

His work experience includes threat modeling, secure platform design, memory forensics, vulnerability and exploit analysis, reverse engineering, product engineering, operating system internals and incident response.

Eoin Carroll Blog Feed

More from Eoin Carroll

McAfee Labs

Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates

Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution (RCE) with critical CVSS (Common Vulnerability Scoring Standard) scores of 9.8, while the remaining two are denial of service (DoS). Microsoft shared detection guidance and proofs of ...

McAfee Labs

CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server

CVSS Score: 9.8  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C  Overview  Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically used in heterogenous environments of Windows and Unix/Linux for file sharing. The vulnerability can be reproduced to cause an immediate BSOD (Blue Screen of Death) within the nfssvr.sys driver. Interestingly, the November patches from Microsoft also ...

McAfee Labs

Securing Space 4.0 – One Small Step or a Giant Leap? Part 1

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center (NSC) in Cork, Ireland The essence of Space 4.0 is the introduction of smaller, cheaper, faster-to-the-market satellites in low-earth-orbit into the value chain and the exploitation ...

McAfee Labs

Securing Space 4.0 – One Small Step or a Giant Leap? Part 2

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center in Cork, Ireland In the first of this two-part blog series we introduced Space 4.0, its data value and how it looks set to become the ...

McAfee Labs

Hunting for Blues – the WSL Plan 9 Protocol BSOD

Windows Subsystem for Linux Plan 9 Protocol Research Overview This is the final blog in the McAfee research series trilogy on the Windows Subsystem for Linux (WSL) implementation – see The Twin Journey (part 1) and Knock, Knock–Who’s There (part 2). The previous research discussed file evasion attacks when the ...

McAfee Labs

Transitioning to a Mass Remote Workforce – We Must Verify Before Trusting

While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we now have a mass workforce working remotely. Most enterprises and SMBs can support working remotely today but many IT departments are not equipped to scale to the numbers currently required. ...

McAfee Labs

SMBGhost – Analysis of CVE-2020-0796

The Vulnerability The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol (SMB 3.1.1). As of this writing, Microsoft have just released a patch for CVE-2020-0796 on the morning of March 12th. The ...

McAfee Labs

The Cloning of The Ring – Who Can Unlock Your Door?

Steve Povolny contributed to this report. McAfee’s Advanced Threat Research team performs security analysis of products and technologies across nearly every industry vertical. Special interest in the consumer space and Internet of Things (IoT) led to the discovery of an insecure design with the McLear NFC Ring a household access ...

McAfee Labs

In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass

Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solution’s (such as Microsoft Defender Realtime Protection), ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee’s Advanced Threat ...

McAfee Labs

RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708

During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates ...

Subscribe to McAfee Securing Tomorrow Blogs