I have been fortunate enough over the years to speak at many conferences on a range of subjects. Here you can download my work in various formats.
- Adobe Acrobat PDF - PDFs are portable to all platforms
- Open Document Format - A truly portable office format. For use with OpenOffice.org and other office suites.
- Flash Animation - Allows you to view my presentations online with a simple Flash plugin, supported by all major browsers
As of 11/25/2005 I have converted all my older presentations to a new template. I also significantly updated their content and graphics.
Ghostbusting Spectorsoft
Phreaknic 8, October 22, 2004
SpectorSoft is the top seller of spy and monitoring software in the world. Their flagship product, Spector, is used both commercially and privately to keep tabs on what the computer is being used for. It tracks and saves keylogs, screenshots, visited URLs, emails, P2P transfers, instant messages and more. Since 9/11, a panic-stricken public have pushed sales of this software through the roof. Chances are good you are being monitored with it and don't even know it.
In this presentation, we begin by discussing Spector's history. We will talk about how it loads, how it hides, how to detect it, and how to disable it. We will talk about the SPT file format where Spector stores all its captured content. Finally, Phasmatis, a program for reading and modifying SPT files, will be demoed.
Available Formats
- Video of presentation - DivX, Length 57:57
- Adobe Acrobat PDF
- Open Document Format
- Flash Animation
JavaScript Malware for a Gray Goo Tomorrow
Shmoocon 2007, March 24, 2007
Aren't Cross Site Scripting vulnerabilities lame? All they can do is display annoying popups that say 'xss' in them. Oh, and hijack your HTTP sessions... and detect every website you have visited... and port scan and fingerprint your internal network... and reconfigure your routers... and brute force usernames and passwords... and capture all the words you search Google for. And I almost forgot, they can self propagate too. Wait, maybe XSS isn't so lame after all.
This presentation examines some of the nasty, state-of-the-art things JavaScript can do that most people don't know about. Things like hijacking your HTTP sessions, stealing search history, stealing search engine queries, port scanning and fingerprinting your internal networks. I also give a live demo of Jikto, a complete web application vulnerability scanner written entirely in JavaScript. Jikto can crawl and audit any public website and send the results to a 3rd party.
Available Formats
- Video of presentation MPEG - 56:33
- Adobe Acrobat PDF
Layer 7 Fun: Extending Web Apps in Interesting Ways
Phreaknic 9, October 21, 2005
Talk about how to write extensions to existing web applications both when you have the owner's permission (ala Housingmaps.com) and when you don't (ala the GMail filesystem). Discusses common APIs, writing custom HTTP user agents and technologies. I use TinyDisk, a file system written on top of TinyURL, as a case study for this presentation.
Available Formats
Phuture Of Phishing
Toorcon 7, September 18, 2005
FBI/UT Cyber Security Summit, October 20, 2005
I presented research I had been working on with my employer SPI Dynamics under my real name for a change! The talk was a nice look at current phishing attacks and defense while discussing the next generation of phishing: XSS. A month after giving the talk at Toorcon I got a from the Knoxville field office of the FBI. A speaker had canceled for their Cyber Security Summit. One of their agents had seen my Toorcon presentation, and they asked if I could drive up and fill in. Since it was the day before Phreaknic, I went from presenting in a suit for FBI agents to a bunch of 20ish hackers in black t-shirts in less than 24 hours!
SPI is hosting the presentation on their website, Phuture of Phishing. You'll find the presentation in other formats here. You can download the anti-XSS proxy, LineBreaker, from SPI's website.
Available Formats
Privacy Implications of Magstripes
Toorcon 6, September 26, 2004
Nice talk detailing what type of information is stored on magstripe cards and how to read them. I also do a nice survey of other physical authentication methods such as RFID, Bluetooth, and others. I received a lot of positive feedback from this talk and the entire trip allowed me to meet some cool west coast hackers.
Available Formats
Process of a Hack
Phreaknic 7, October 25, 2003
This presentation examines the process of deconstructing any complex system to understand its weaknesses and ultimately design more effective systems. In a nutshell, we are talking about the logical steps you take to reverse engineer any system and how you go about designing a better one.
Available Formats
Running a Successful Open Source Project
Interz0ne 4, March 11, 2005
The road to hell is paved with dead SourceForge projects. People create some cool projects but they fail to attract and retain users or developers. This presentation discusses why most OSS projects fail in this regard and offers advice on running a successful OSS project.
Available Formats
© Copyright 2002 - 2008 Most Significant Bit Labs. All Rights Reserved