ToorCon 9

ToorCon is always one of my favorite conferences of the year, and this year was no different. Actually, I take that back, it WAS different, it was even better than usual. I got something out of almost every talk that I attended, and the conference ran very smoothly. The conference is small and intimate and the speaker badges are green… I really can’t ask for much more. This year the [...]

ms07-055

Last week was Microsoft Patch Tuesday, and for once it actually affected me directly. The team I am part of at my new employer is responsible for reversing out patches such as these, determining the vulnerability that was patched, and developing ways to exploit or otherwise attack the software. From the advisories that were released, I ended up with ms07-055 which detailed a stack overflow in the Kodak Image Viewer [...]

By |2007-10-15T17:27:27+00:00October 15th, 2007|exploit, hack, hpavc, security research|0 Comments

Speaking at ToorCon 9

I've been invited to speak at ToorCon 9 in San Diego next month. My topic will be Context-keyed Payload Encoding in which I introduce a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic, however, [...]

By |2007-09-24T07:38:45+00:00September 24th, 2007|conference, hack, hpavc, security, security research|0 Comments

DEFCON 15

DEFCON 15, in their second year at the Riviera, seemed a little more settled than the turbulent vibe from last year. Unfortunately DEFCON already seems to be outgrowing this space as a couple of the talks I wanted to see were standing room only and attendees were spilling out into the halls. The badge this year was a large rectangular PCB with the DEFCON logo parts down the left side [...]

ToorCon Seattle (Beta)

ToorCon Seattle (Beta) in Seattle was a new experiment by the ToorCon folks. It was essentially an informal and free invite-only conference, total attendance numbering around 150, with a single track of speakers each having 20 minutes to speak on their current (and potentially in-progress) research. The format was very similar to the format that the AHA! meetings take, so I was right at home speaking there. The conference talks [...]

On Social Hacking Groups, Meetings, and AHA!

Since the early ’90s, when I first really started getting into information security and the hacking scene, I’ve always found immense value in social hacker meetings. Back then all I had was my local 2600 meeting, however today, depending on your place of residence, there may be many different types of meetings available to you ranging from black to white-hat orientations such as 2600, local-area DefCon groups, the regional *Sec [...]

By |2007-04-23T02:33:48+00:00April 23rd, 2007|AHA!, hack, security|0 Comments

Upcoming Conferences

In a couple of weeks I'll be heading to Seattle for Microsoft's internal security conference, BlueHat, and ToorCon's invite-only conference, ToorCon Seattle (Beta). I've never been to BlueHat before, but that's not really surprising since most of my research targets, both now and in the past, have had absolutely nothing to do with Microsoft products. The primary reason I'm attending is that BlueHat takes place the two days before ToorCon [...]

By |2007-04-19T06:44:29+00:00April 19th, 2007|conference, hack, security, security research|0 Comments

AHA! 0x0006

I am continually impressed by both the quantity and quality of speakers we have at our Austin Hackers Anonymous (AHA!) meetings every month. This last meeting was our 7th technical meeting and we had no less than 10 individual speakers with anywhere from 5 to 30 minutes each, each with something unique and interesting to talk about. The variety of subject matter was simply astounding. I'm truly grateful to be [...]

By |2007-03-31T01:58:55+00:00March 31st, 2007|AHA!, hack, security research|0 Comments