I'm a researcher and PhD candidate at Security Lab at George Mason University, Fairfax, Virginia working with Damon McCoy. I am also member of the Center for Evidence-based Security Research (CESR).

My interests are in the fields of Cyber-Physical Security. More specifically, my focuses are: Cyber Threat Intelligence, Reverse Engineering (both Hardware and Software), Vulnerability Analysis and Ethical Hacking. The fundamental topics that I have worked on and influenced my research interests are: System Security, Network Security, and Modern Cryptography.

Contact Details

Department of Computer Science,
George Mason University,
4400 University Drive MSN 4A5,
Fairfax, VA 22030 USA

E: mrezaeir [at] gmu [dot] edu
Key Fingerprint:
BA91 5FB7 17B0 D855 4622
2108 15BD EAA0 46A2 0284



RAT Ecosystem Measurement:
Threat intelligence and data collections are ad-hoc operations, and threat intelligence companies are in competition and data sharing among them is limited. For these reasons, active (passive) data collection of one company could potentially contaminate passive (active) data collection of other companies. In the context of RAT measurement study; intrinsic deceptive element of RAT scanning, sinkholing, and honeypot sandboxing could potentially introduce interference and noise to other ad-hoc and parallel measurements. Therefore, there is a need for accounting of ad-hoc and parallel measurements while there is no coordination.
This project aims to study the various RAT stakeholders, and ultimately proposes methods to distinguish, fingerprint and profile RAT stakeholders, and track and monitor their operations.

RAT Operators Behavioral Study:
This project aimed to shed a light on DarkComet RAT operators from the behavioral perspective. This includes, operator life cycle and motivation when engaged with a victim machine.
In this work we study the use of DarkComet, a popular commercial RAT. We collected 19,109 samples of DarkComet malware found in the wild, and in the course of two, severalweek-long experiments, ran as many samples as possible in our honeypot environment. By monitoring a sample’s behavior in our system, we are able to reconstruct the sequence of operator actions, giving us a unique view into operator behavior. We report on the results of 2,747 interactive sessions captured in the course of the experiment. During these sessions operators frequently attempted to interact with victims via remote desktop, to capture video, audio, and keystrokes, and to exfiltrate files and credentials. To our knowledge, we are the first large-scale systematic study of RAT use.

IVI Security Assessment and Analysis:
In this project, we performed a comprehensive security analysis on an IVI system that is included in at least one 2015 model vehicle from a major automotive manufacturer. We documented and demonstrated insecurities in the MirrorLink protocol and IVI implementation that could potentially enable an attacker with control of a driver’s smartphone to send malicious messages on the vehicle’s internal network. This work was funded by General Motors and DHS.