Matt Frost (CEH, CEPT, CPT, NET+) is a Senior Security Consultant at Bishop Fox, where his areas of expertise are application penetration testing and mobile application security. He also has extensive experience in network penetration testing, product security reviews, and reviewing Amazon Web Services (AWS).
At Bishop Fox, Matt performed a first-ever comprehensive assessment of SCADA devices used for utility management, which uncovered multiple critical- and high-risk issues. Critical issues included retrieving the personally identifiable information (PII) on every registered user and device and an authorization bypass that made it possible to take over any targeted account. High-risk issues included command injection, privilege escalation from an external user to an administrator, and another authorization bypass to set cryptographic keys used by devices.
In another engagement for an end-to-end encrypted messaging service, Matt created a script for dynamic instrumentation that led to SQL injection. He also discovered an authorization bypass vulnerability on a major communications company's SD-WAN product that allowed for control over any organizational configurations or devices, potentially putting many customers at risk. Additionally, Matt has tested Bluetooth technologies for activity tracker devices, performed black-market assessments for Fortune 500 manufacturing organizations, and conducted application tests for ride-sharing applications. He has successfully identified sources of pirated software, saving organizations millions of dollars and preventing possible reputation-damaging breaches.
Prior to joining Bishop Fox, Matt helped found and served as the lead engineer of Dogtown Media, a mobile and web application development firm. Toward the latter part of his career at Dogtown, Matt shifted his focus toward third-party hardware projects integrated with mobile applications. These projects included medical devices, environmental studies, and drones. He worked with clients ranging from government entities to financial institutions, in addition to gaining experience with AWS and Bluetooth technologies.