I'm a security and privacy researcher at the Oxford Cyber Security Centre. I'm interested in real world security issues over blue sky research. My previous work covers anonymity, privacy and censorship on the Internet, as well as approaches to best assess network security. I'm currently looking at these in the context of the Internet as a complex system.
My current work is on observing and analysing Internet anomalies such as the Great Firewall of China. I'm doing this under the supervision of Professor Andrew Martin and Dr Joss Wright, and with the help of Alex Darer who is exploring similar themes.
Before going back to academia to read for my DPhil, I was a penetration tester and security consultant with one of the Big Four. I've tested, audited or advised for a large part of the FTSE 100, including Banking and Finance, Energy and Oil, and the Defence and Intelligence sectors. I have an MPhil from the Cambridge Computing Lab looking at anonymity on the web, with Professor Jon Crowcroft, and speak on cyber security matters for several news organisations, including the BBC, The Guardian, Sky News and Wired.
I tutor the Network Security course for the Software and Security Systems MSc with Dr Kasper Rasmussen, where I show and teach them the techniques and tools used by attackers in the real world. I lecture Web App Security for the first year DPhil students at the Cyber Security Centre, where I show them <script>alert(1)</script>, and give examples of attacks used to breach real systems. I've also organised a couple of hacking days for students, and run the Cyber Security Centre's virtual hacking laboratory.
If you have any questions or there is something you want to talk about regarding real world security, hacks or any of my research topics, feel free to get in touch.
Poisoning the Well: Exploring the Great Firewall's Poisoned DNS Responses
Oliver Farnan‚ Alexander Darer and Joss Wright
In Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. Pages 95–98. ACM. 2016.
Exploring a Controls−Based Assessment of Infrastructure Vulnerability
Oliver Farnan and Jason R. C. Nurse
In Risks and Security of Internet and Systems. Vol. 9572 of Lecture Notes in Computer Science. Pages 144−159. Springer. 2016.
Detecting Internet Filtering from Geographic Time Series
O Farnan J Wright A Darer