About
Experienced information security executive with a 25-year background in software and…
Experience
Education
Licenses & Certifications
Publications
-
Bypassing Captive Portals and Limited Networks
DEF CON 24
See publicationCommon hotspot software like Chilispot and Sputnik allow anyone to set up a restricted WiFi router or Ethernet network with a captive portal, asking for money or personal information in exchange for access to the Internet. In this talk I take a look at how these and similar restrictive networks work, how they identify and restrict users, and the weaknesses that allow them to be bypassed with a little preparation.
-
Obtaining and Detecting Domain Persistence
DEF CON 23
See publicationAt DEF CON 23, I presented security research on how attackers create backdoors, obscure their tracks, and make access difficult to detect and remove. In this talk, I discuss ways that an attacker who has obtained domain administrator privileges can extend, persist, and maintain control, as well as how a forensic examiner or incident responder could detect these activities and root out an attacker.
-
Detecting Bluetooth Surveillance Systems
DEF CON 22
See publicationAt DEF CON 22, I presented personal security research on Bluetooth detectors used to monitor traffic speeds and activity. While supposedly anonymous, they detect a nearly-unique ID from every car, phone, and PC that passes by. In this presentation, I explore the documentation on these surveillance systems and their capabilities, then build a Bluetooth detector, analyzer, and spoofer with less than $200 of open-source hardware and software. Finally, I turn my own surveillance system on the DOT's…
At DEF CON 22, I presented personal security research on Bluetooth detectors used to monitor traffic speeds and activity. While supposedly anonymous, they detect a nearly-unique ID from every car, phone, and PC that passes by. In this presentation, I explore the documentation on these surveillance systems and their capabilities, then build a Bluetooth detector, analyzer, and spoofer with less than $200 of open-source hardware and software. Finally, I turn my own surveillance system on the DOT's and try to detect and map the detectors.
-
Secure Use of Cloud Storage
BlackHat USA 2010
See publicationAt BlackHat Briefings USA 2010 in Las Vegas, I presented covering ways that developers can use (and misuse) cloud storage systems like Microsoft’s Windows Azure Storage and Amazon’s Simple Storage Service (S3) and SimpleDB.
-
Security Best Practices For Developing Windows Azure Applications
Microsoft
This paper focuses on the security challenges and recommended approaches to design and develop more secure applications for Microsoft’s Windows Azure platform.
Other authorsSee publication
Organizations
-
DEF CON
CFP Review Board
- PresentMember of the small committee that selects speakers for DEF CON, the world's premier hacker conference. Review several hundred technical whitepapers and talk submissions each year, selecting proposals with compelling technical content, novelty, and compatibility with DEF CON's non-corporate, hacker ethos.
Other similar profiles
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content