Bio

I’m a professional computer security researcher with an extensive background in Linux systems administration, computer networking, applied cryptography, and programming. Since childhood, I’ve enjoyed taking things apart and learning how they really work. Deep understanding allows me to push the boundaries of what is possible. Originally from California, I now live in London.

If you’re writing about me or my work, please use gender-neutral language to refer to me. I use they/them pronouns and prefer not to use a title, though “Mx” is acceptable where one is required.

My family name is pronounced “kas-teh-LOO-chee”.

Presentations

• Cracking Cryptocurrency Brainwallets
• Stealing Bitcoin with Math with Filippo Valsorda
• A Nickel Tour of the Ad Fraud Ecosystem
• Optimizations for Bitcoin Key Cracking
• Measuring the Use and Abuse of Brain Wallets with Marie Vasek
• Modern TCP/IP, Simplified
• Hacking Gender: Transition à la Carte

Publications

• The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets with Marie Vasek, Joseph Bonneau, Cameron Keith and Tyler Moore
• Speed Optimizations in Bitcoin Key Recovery Attacks with Nicolas Courtois and Guangyan Song
• The Methbot Operation uncredited
• The Hunt for 3ve uncredited

Press

• Wired — Brainflayer: A Password Cracker That Steals Bitcoins From Your Brain
• Ars Technica — Password cracking attacks on Bitcoin wallets net $103,000
• Fast Company — Researchers Find A Crack That Drains Supposedly Secure Bitcoin Wallets
• DARKReading — Russian Hackers Run Record-Breaking Online Ad-Fraud Operation
• Kerbs on Security — Report: $3-5M in Ad Fraud Daily from “Methbot”
• BuzzFeed News — Killing 3ve: How The FBI And Tech Industry Took Down A Massive Ad Fraud Scheme
• The Register — C’mon, if You Say Your Device Is ‘Unhackable’, You’re Just Asking for It: Bitfi Retracts Edgy Claim
• Ars Technica — How 3ve’s BGP hijackers eluded the Internet—and made $29M