DEFCON 16

DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with its corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different. Below are my thoughts on the talks I was able to attend. […]

CSI-SX 2008

CSI-SX is the new branding for the CSI NetSec conference, which is co-located with Interop Las Vegas, and is essentially the security-focused portion of the overall conference. As with the annual CSI conference, this conference targets a different demographic than I’m used to speaking for as the attendance is usually comprised of very large enterprise and government employees and I usually speak for conferences targeted at the research and hacker [...]

April 30th, 2008 | conference, opinion, security

ToorCon Seattle 2008

The ToorCon organization puts on some of the best conferences in my opinion, and this last weekend was version 1.0 of their Seattle conference (beta was last year, which I also attended). Friday night was entirely 5-minute lightning talks and then Saturday was entirely 20-minute turbo talks. Sunday was workshops, which unfortunately I could not attend since I had to fly back to Austin mid-day. Last year was invite only [...]

CSI 2007

CSI 2007 was the first time I’ve ever attended a CSI conference. I was actually a CSI member way back in the day when I was running my own consulting firm and needed as many business development avenues to explore as possible, but after closing my consultancy and going back to work for The Man(tm) I didn’t keep up my membership as I really wasn’t getting much out of the [...]

ToorCon 9

ToorCon is always one of my favorite conferences of the year, and this year was no different. Actually, I take that back, it WAS different, it was even better than usual. I got something out of almost every talk that I attended, and the conference ran very smoothly. The conference is small and intimate and the speaker badges are green… I really can’t ask for much more. This year the [...]

Speaking at CSI 2007

I've been invited to speak at the Computer Security Institute's Annual Conference (CSI 2007) this November in Washington D.C., on the subject of VoIP Attacks. This presentation was originally intended to be a "state of the industry" type talk given every year or so, and the last time I gave it was at EUSecWest last March so it's about time to update it and present it again.

September 26th, 2007 | conference, security, telephony, voip

Speaking at ToorCon 9

I've been invited to speak at ToorCon 9 in San Diego next month. My topic will be Context-keyed Payload Encoding in which I introduce a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic, however, [...]

September 24th, 2007 | conference, hack, hpavc, security, security research

Real-time Steganography with RTP Video

Apparently, some guy purchased video of all of the DEFCON 15 talks on DVD, then ripped them all to MP4 and uploaded them to Google Video. If you couldn't make DEFCON this year and wanted to see my talk, or don't have the patience to read the 50 page paper but have about an hour to watch a video, you should check it out.

DEFCON 15

DEFCON 15, in their second year at the Riviera, seemed a little more settled than the turbulent vibe from last year. Unfortunately DEFCON already seems to be outgrowing this space as a couple of the talks I wanted to see were standing room only and attendees were spilling out into the halls. The badge this year was a large rectangular PCB with the DEFCON logo parts down the left side [...]

BlackHat 2007

BlackHat Briefings 2007 was a bit disappointing this year. This year, the first day of briefings had an entire track devoted to Voice Services. Being the sole VoIP researcher for TippingPoint’s DVLabs, I of course attended this entire track. In short, three words: waste of time. Out of 5 talks on VoIP security, I learned one single new piece of information. At best, the content was the same old attacks [...]