I)ruid, C˛ISSP

druid (@) caughq (.) org ( GPG Key )
602.466.6006 x2600


IRC: FreeNode: I}ruid
IRC: EFNet: I}ruid
SILC: CompSec: I)ruid

Speaking Engagements & Presentations

(see turbo talks)

Context-keyed Payload Encoding

HTML | PDF | Flash | Video | Paper

This presentation introduces a new method of keying a payload encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic, however, should be unable to decode the payload due to lack of the contextual keying information.

2007.10.21 - ToorCon 9

Keeping 'em Honest: Testing and Validation of Network Security and Monitoring Devices

HTML | PDF | Flash

Today's network security and monitoring devices such as application-aware firewalls and Intrusion Detection / Intrusion Prevention Systems often come with vendor promises of up to date security profiles, attack signatures or filters which block all new attacks and exploits, and application awareness of all the new and popular application protocols. Without independent third-party verification, how does the consumer verify and validate the accuracy of these claims? One approach is to do it yourself, and during this presentation I'll discuss the usual problems and deficiencies found in such products and their service-model oriented content, how you can design comprehensive test cases to identify these deficiencies, and what to do about them once you've found them.

2008.04.27 - Computer Security Institute Security eXchange (CSI SX)

Mnemonic Password Formulas

HTML | PDF | Flash | Paper

This presentation details some of the issues facing users and managers of authentication systems involving passwords, discusses current approaches to mitigating those issues, and then finally introduces a new method for password management and recall termed Mnemonic Password Formulas.

2007.05.16 - IEEE Computer Society, Austin - HTML | PDF | Flash
2005.07.20 - dc214 - HTML | PDF | Flash

Real-time Steganography with RTP

HTML | PDF | Flash | Video | Paper

Real-time Transfer Protocol (RTP) is used almost ubiquitously by Voice over IP technologies to provide an audio channel for calls. As such, it provides ample opportunity for creation of a covert communications channel due to it's very nature and use in implementation. While use of steganographic techniques with various audio cover-mediums has been extensively researched, most applications of such have been limited to audio cover-medium of a static nature such as WAV or MP3 file audio data. This presentation details common techniques for use of steganography with audio data cover-medium, outlines the problem issues that arise when attempting to use these techniques to establish a full-duplex communications channel using audio data transmitted via an unreliable streaming protocol, and finally documents solutions to these problems as well as a reference implementation entitled SteganRTP.

2007.08.04 - DEFCON 15

SmartCard Security: GSM-SIM

An introduction to SmartCards, the GSM network, the SIM SmartCard application, and the security features and mechanisms thereof. After the introduction to the technology, this presentation covers various vulnerabilities and attacks targeted against SmartCards and the SIM application.

2006.08.30 - Austin Hackers Association

Steganography Primer

HTML | PDF | Flash

An introduction to Steganography. This presentation covers what steganography is, a bit of history, and traditional and modern methods of steganography with a focus on using imagery, binary executables, and network traffic as cover-mediums.

2006.11.30 - IEEE Consultants Network of Central Texas
2006.10.12 - Austin Linux Users Group
2006.03.04 - North Texas Snort Users Group @ UT Dallas
2005.01.12 - dc214

VoIP Attacks!

HTML | PDF | Flash | Video

VoIP Attacks! is divided into three sections. The first section is a brief overview of Voice-over-IP for the uninitiated. The second section is a collection of currently relevant attacks against VoIP systems, categorized into four impact zones; attacks against Availability, attacks against Integrity, attacks against Confidentiality, and any currently outstanding or unpatched vendor-specific attacks at the time of the presentation. The attacks are discussed in regard to what causes the target system to be vulnerable to the attack, how the attack works, what effect a successful attack has on the target system in question, what tools are publicly available to perform the attack, and what mitigation steps can be taken to prevent the attack. The third and final section of this presentation will focus on the mitigation techniques suggested for each attack in the second section, what problems those mitigation "solutions" have, and what issues may arise when attempting to utilize those mitigation techniques.

2007.11.06 - Computer Security Institute Annual Conference (CSI 2007) - HTML | PDF | Flash
2007.03.02 - EUSecWest 2007 - HTML | PDF | Flash
2007.02.22 - IEEE Consultants Network of Central Texas
2006.10.01 - ToorCon 8 - HTML | PDF | Flash | Video

Thursday June 13, 2024