Matt Frost (CEH, CEPT, CPT,
NET+) is a Senior Security Consultant at Bishop Fox, where his areas of
expertise are application penetration testing and mobile application security.
He also has extensive experience in network penetration testing, product
security reviews, and reviewing Amazon Web Services (AWS).
At Bishop Fox, Matt performed a
first-ever comprehensive assessment of SCADA devices used for utility
management, which uncovered multiple critical- and high-risk issues. Critical
issues included retrieving the personally identifiable information (PII) on
every registered user and device and an authorization bypass that made it
possible to take over any targeted account. High-risk issues included command
injection, privilege escalation from an external user to an administrator, and
another authorization bypass to set cryptographic keys used by devices.
In another engagement for an
end-to-end encrypted messaging service, Matt created a script for dynamic
instrumentation that led to SQL injection. He also discovered an authorization
bypass vulnerability on a major communications company's SD-WAN product that
allowed for control over any organizational configurations or devices,
potentially putting many customers at risk. Additionally, Matt has tested
Bluetooth technologies for activity tracker devices, performed black-market
assessments for Fortune 500 manufacturing organizations, and conducted
application tests for ride-sharing applications. He has successfully identified
sources of pirated software, saving organizations millions of dollars and
preventing possible reputation-damaging breaches.
Prior to joining Bishop Fox,
Matt helped found and served as the lead engineer of Dogtown Media, a mobile
and web application development firm. Toward the latter part of his career at
Dogtown, Matt shifted his focus toward third-party hardware projects integrated
with mobile applications. These projects ranged from medical devices and
environmental studies to drones. He worked with clients ranging from
government entities to financial institutions, in addition to gaining experience
with AWS and Bluetooth technologies.
My Path to Security - How Matt Frost Got Into Cybersecurity