Craig Young

Craig Young is a principal security researcher at Tripwire, where he writes security content for Tripwire’s vulnerability management solution, IP360, and performs research as a member of Tripwire’s Vulnerability and Exposures Research Team (VERT). He has been active in numerous areas of computer security research over several years, and has identified and responsibly disclosed 150+ vulnerabilities in products from Google, Amazon, IBM, NETGEAR, Adobe, HP, Apple, and more, resulting in numerous CVE’s. In 2014, Craig won both tracks of the first ever SOHOpelessly Broken contest at DEFCON 22 by demonstrating 10 0-day flaws in SOHO wireless routers. Since that time, Craig has taught hundreds of Infosec students about IoT security fundamentals and reverse engineering at conferences like SecTor, Black Hat USA, DEF CON, and AusCERT. Craig's successful use of American Fuzzy Lop (afl) to find bugs in Apache and PHP has earned him high rankings in those Internet Bug Bounty programs. Craig has also collaborated on two Pwnie-nominated cryptographic attacks including the Return of Bleichenbacher's Oracle Threat (ROBOT) Attack which won the 2018 Best Cryptographic Attack Pwnie award.