Sergey Bratus

This page now redirects to Links may be broken for a while.

I am a Research Associate Professor at the Computer Science Department at Dartmouth College. My primary focus is on studying exploitation of systems and networks, and any ways of inducing unexpected computation (a.k.a. "weird machines", unexpected, unintended, or emergent programming models in software or hardware). In a word, I believe that state-of-the-art hacking is already a distinct discipline of computer science, even though not formally recognized as such; this is where my main interest is. I am also interested in all aspects of Unix security, in particular in Linux kernel security, detection and reverse engineering of malware (primarly kernel mode, Linux and Windows), wireless networking, and visualizations of security-related information.

My other interests are in applications of Natural Language Processing for better indexing, search and navigation of natural language documents. Before coming to Dartmouth, I worked on NLP systems at BBN Technologies (see [1, 2]).


Current: I will be teaching CS 69.16/CS 169 in Winter 2022. The course page is at, with the draft syllabus posted there.

Previous: [CS 65, Smartphone Programing] [CS 258, Advanced OS] [CS 60, Computer Networks] [CS 59, Programming Languages] [CS 38, Computer Security]

I also teach a variety of low-level networking and systems security reading courses; ask if interested.


In May 2009 I provided an expert witness report for the Franklin Pierce Law Center's legal team led by Prof. Ashlyn Lembree defending Mavis Roy in UMG Recordings et al. v. Roy civil action lawsuit. This led to a research paper with Prof. Lembree on the general issues and challenges of trust in computer-generated evidence, presented at TRUST 2010: [local copy], [slides], [discussion on Bruce Schneier's blog]. More information about the case can be found on [Ray Beckerman's blog] and [ArsTechnica].


Being much indebted to the hacker community for many things I learned from its amazingly rich sources, I tried to describe some trends in the hacker learning experience (the so-called "hacker curriculum") that distinguish it from the typical experiences of traditionally trained developers and CS students. We use some (implicit) principles of this "hidden curriculum" and related experiences in our teaching of Computer Security at Dartmouth.

Offsite collection of relevant materials:


Some of my "random" patches to standard tools (Etherape, dsniff, fragrouter, tcpflow, tcpreplay, etc., see README).


I received my undergraduate education at the Moscow Institute of Physics and Technology (aka Moscow Phystech), and my Ph.D. at Northeastern University (1999). Before coming to Dartmouth I worked at BBN Technologies on statistical learning methods in Natural Language Processing (NLP) for information extraction from natural English text, "text understanding", and similar topics.

My old homepage is at

My GPG public key.

[FSF Associate Member] Please support the Free Software Foundation, the people who brought us the GPL and are fighting to protect our freedom to write and change software.
Join EFF Today Don't care to have your research squashed by an unscrupulous vendor's bogus copyright claims or have all of your Internet traffic mined and monitored for undisclosed purposes? Please support the Electronic Frontier Foundation.