Daniel Crowley

Research Director at IBM X-Force Red

Austin, Texas, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Daniel Crowley is a research-focused security leader with 11+ years of hands-on experience finding and exploiting flaws across web apps, cryptography, networks, and embedded/physical systems. As Research Director at IBM X-Force Red he directs application security delivery and original research, building on prior senior roles at NCC Group and SpiderLabs. He’s published unusual work—OS fingerprinting approaches, polyglot file-format techniques, and cryptanalysis tools—and has disclosed vulnerabilities in major platforms including Google’s CAPTCHA, PHP, Windows, nginx and various AV products. Creator of the Magical Code Injection Rainbow testbeds and cryptanalysis tooling (Cryptanalib and FeatherDuster), he pairs practical research with maintainable tooling (e.g., modernizing MCIR’s PHP DB stack). A prolific speaker and media source, he blends offensive creativity with mentorship and operational security program delivery. Off-duty he holds the playful title of Baron of Sealand, a hint at his appetite for unconventional exploration.
code10 years of coding experience
job8 years of employment as a software developer
bookn/a, Exploitation, Vulnerabilities, Forensics, Reverse engineering, Cryptography, Physical security, n/a, Exploitation, Vulnerabilities, Forensics, Reverse engineering, Cryptography, Physical security at Infosec Self-Study
bookn/a, Audio Production, n/a, Audio Production at Art Institute of New England
bookBaccalaureate, Computer Network and Information Systems, Baccalaureate, Computer Network and Information Systems at Wentworth Institute of Technology
bookComputer Crime Investigation, Incident Handling, Computer Crime Investigation, Incident Handling at SANS Cyber-Defense Initiative 2009
github-logo-circle

Github Skills (4)

mysql10
php10
mysqli10
database-administration9

Programming languages (6)

C++CSSShellCPHPPython

Github contributions (5)

github-logo-circle
SpiderLabs/MCIR

Nov 2015 - May 2016

The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.
Role in this project:
userBack-end Developer
Contributions:8 commits, 1 PR, 12 pushes in 6 months
Contributions summary:Daniel primarily focused on updating database connections within the PHP code, specifically transitioning from the deprecated `mysql` extension to `mysqli`. This involved modifying database configuration files and updating code within multiple challenge directories, improving compatibility. In addition, they also addressed the package dependency of PHP, updating to php5-mysqlnd in autoinstall.sh. These changes indicate a focus on maintaining and improving the codebase's compatibility and functionality.
configurableinjectionsecuritycode-injectionrainbow
unicornsasfuel/cryptanalib3

Sep 2020 - Mar 2021

A Python3-compatible fork of the Cryptanalib module from FeatherDuster.
Contributions:1 release, 11 commits, 3 PRs in 5 months
cryptographycryptanalysispythonpython3
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Daniel Crowley - Research Director at IBM X-Force Red