Speaking Engagements & Presentations
Context-keyed Payload Encoding
This presentation introduces a new method of keying a payload encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic, however, should be unable to decode the payload due to lack of the contextual keying information.
2007.10.21 – ToorCon 9
Mnemonic Password Formulas
This presentation details some of the issues facing users and managers of authentication systems involving passwords, discusses current approaches to mitigating those issues, and then finally introduces a new method for password management and recall termed Mnemonic Password Formulas.
Real-time Steganography with RTP
Real-time Transfer Protocol (RTP) is used almost ubiquitously by Voice over IP technologies to provide an audio channel for calls. As such, it provides ample opportunity for creation of a covert communications channel due to its very nature and use in implementation. While use of steganographic techniques with various audio cover-mediums has been extensively researched, most applications of such have been limited to audio cover-medium of a static nature such as WAV or MP3 file audio data. This presentation details common techniques for use of steganography with audio data cover-medium, outlines the problems that arise when attempting to use these techniques to establish a full-duplex communications channel using audio data transmitted via an unreliable streaming protocol, and finally documents solutions to these problems as well as a reference implementation entitled SteganRTP.
2007.08.04 – DEFCON 15
SmartCard Security: GSM-SIM
An introduction to SmartCards, the GSM network, the SIM SmartCard application, and the security features and mechanisms thereof. After the introduction to the technology, this presentation covers various vulnerabilities and attacks targeted against SmartCards and the SIM application.
2006.08.30 – Austin Hackers Association
An introduction to Steganography. This presentation covers what steganography is, a bit of history, and traditional and modern methods of steganography with a focus on using imagery, binary executables, and network traffic as cover-mediums.
VoIP Attacks! is divided into three sections. The first section is a brief overview of Voice-over-IP for the uninitiated. The second section is a collection of currently relevant attacks against VoIP systems, categorized into four impact zones: attacks against Availability, attacks against Integrity, attacks against Confidentiality, and any currently outstanding or unpatched vendor-specific attacks at the time of the presentation. The attacks are discussed in regard to what causes the target system to be vulnerable to the attack, how the attack works, what effect a successful attack has on the target system in question, what tools are publicly available to perform the attack, and what mitigation steps can be taken to prevent the attack. The third and final section of this presentation will focus on the mitigation techniques suggested for each attack in the second section, what problems those mitigation “solutions” have, and what issues may arise when attempting to utilize those mitigation techniques.
2007.11.06 – Computer Security Institute Annual Conference (CSI 2007) – HTML | PDF | Flash
2007.03.02 – EUSecWest 2007 – HTML | PDF | Flash
2007.02.22 – IEEE Consultants Network of Central Texas
2006.10.01 – ToorCon 8 – HTML | PDF | Flash | Video