Travis Morrow

Travis Morrow
Security Architect and Sr. Manager of Offensive Security

As the leader of Okta’s Offensive Security Team, Travis Morrow specializes in application penetration testing, reverse engineering, malware analysis, and security architecture. With over 15 years of industry experience, he enjoys researching mechanisms that automate the attacker’s job and make the defender's life more challenging. Travis has spoken on topics ranging from mobile security to genetic malware at events such as Black Hat, Immunity Infiltrate, and Amazon ZonCon. When he isn’t breaking things, he spends his free time tinkering, snowboarding, drinking coffee, and learning the hardware side of RE.

Josh Pitts and Travis Morrow

New Vectors, New Keys – Updated EBOWLA

Six months ago, Okta’s Infosec team built on the work of Riordan and Schneier to create an open source, environmentally-targeted keying solution, EBOWLA, for the security community to research, tear apart and learn from. Today, we’re pleased to share an update on the project we presented at the Ekoparty Security Conference in Buenos Aires. Our hope is that defenders and reverse engineers can make use of the project updates to validate their preparedness and techniques against highly targeted...

Josh Pitts and Travis Morrow

DIY Genetic Malware: EBOWLA

Back in 1998, the year that Mongolia went from a 46 hour to a 40 hour work week, another ground breaking event happened— the publishing of Environmental Key Generation towards Clueless Agents by Riordan and Schneier. This paper discussed using environmental factors on a host as a means to encrypt and protect data and code from inspection. The idea discussed is simple: use unique identifiable information from the host as the key to encrypt the data/code you want to protect. If encrypted blobs...