Archive for the ‘hpavc’ Category


August 14, 2008

DEFCON is always entertaining as it’s the largest hacker conference in North America. Back to back with it’s corporate counterpart, Black Hat, it generally draws thousands of hacker-type people to Las Vegas every summer. The related parties, shenanigans, and drama surrounding it are legendary, and this year was no different.

Below are my thoughts on the talks I was able to attend.



Sleep Hacking

June 23, 2008

While working for TippingPoint’s DVLabs, I was fortunate enough to not be held to any kind of regular work schedule. Working in an almost pure research role, without the requirement of regularly interfacing with customers or even the rest of the DVLabs group, I had the opportunity to explore something that I’ve never really had the opportunity to before, at least not for extended periods of time; my body’s natural sleep cycle.


ToorCon Seattle 2008

April 22, 2008

The ToorCon organization puts on some of the best conferences in my opinion, and this last weekend was version 1.0 of their Seattle conference (beta was last year, which I also attended). Friday night was entirely 5-minute lightning talks and then Saturday was entirely 20-minute turbo talks. Sunday was workshops, which unfortunately I could not attend since I had to fly back to Austin mid-day. Last year was invite only and if you were there last year you received a coupon code for a discounted rate this year ($300), otherwise it was a little expensive to attend ($1000). Overall there were a number of excellent speakers with excellent content.

Due to the sheer number of talks (and I did see all of them), I’ll only cover the ones I found most interesting below:


Context-keyed Payload Encoding Whitepaper

January 28, 2008

Today, my research paper entitled “Context-keyed Payload Encoding” was published in Uninformed Journal vol. 9. If you’re into cutting-edge exploitation technology, you should check it out. This is the research I presented at ToorCon 9 last October.

ToorCon 9

October 23, 2007

ToorCon is always one of my favorite conferences of the year, and this year was no different. Actually, I take that back, it WAS different, it was even better than usual. I got something out of almost every talk that I attended, and the conference ran very smoothly. The conference is small and intimate and the speaker badges are green… I really can’t ask for much more. This year the conference was split between the two days; the first day being traditional hour-long presentations whereas the second day took the cue from ToorCon Seattle (beta) and was entirely 20-minute turbo talks. I thought the conference format worked out really really well and provided a much larger breadth of subject-matter than would normally have been possible with entirely traditional-length talks.

Below are my thoughts on the various talks I attended.



October 15, 2007

Last week was Microsoft Patch Tuesday, and for once it actually affected me directly. The team I am part of at my new employer is responsible for reversing out patches such as these, determining the vulnerability that was patched, and developing ways to exploit or otherwise attack the software. From the advisories that were released, I ended up with ms07-055 which detailed a stack overflow in the Kodak Image Viewer which was used as the default image handling application on Windows 2000 systems. After spending most of Tuesday setting up VMWare and installing some tools like IDA Pro and BinDiff, I was able to get started.


Speaking at ToorCon 9

September 24, 2007

I’ve been invited to speak at ToorCon 9 in San Diego next month. My topic will be Context-keyed Payload Encoding in which I introduce a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic, however, should be unable to decode the payload due to lack of the contextual keying information.

Real-time Steganography with RTP Whitepaper

September 18, 2007

My paper detailing the research I presented last month at DEFCON 15 was published today in Uninformed Journal Vol. 8. The paper is entitled “Real-time Steganography with RTP” and details using steganographic techniques to establish a covert channel within the protocol commonly used for the media channel in VoIP calls as well as a reference implementation.


August 9, 2007

DEFCON 15, in their second year at the Riviera, seemed a little more settled than the turbulent vibe from last year. Unfortunately DEFCON already seems to be outgrowing this space as a couple of the talks I wanted to see were standing room only and attendees were spilling out into the halls.

The badge this year was a large rectangular PCB with the DEFCON logo parts down the left side and the letters “DEFCON” down the right side. In the center, oriented vertically, was a mini LED pixel display which was controlled by an on-board chip. In it’s default state, the display scrolled the text “I <heart> DEFCON”, however you could program the display through various sequences of pressing your fingers to the DEFCON logo parts down the left side. The badge this year was interesting, but it definitely had some quality issues. The controls to program the scrolling LED display were too easily triggered accidentally, causing most badges to be usually scrolling one of the menu texts instead of the custom message. Also, toward the end of the conference I was seeing a lot of the badges with stuck displays, only having a couple of random LED pixels lit up on them. The badges may have also been a little over-engineered as the instructional poem in the DEFCON book alluded to being able to solder on more components like an RF transceiver, an accelerometer, and potentially some other stuff. I identified at least three different places where you could add components to the badge. There was also WAY too much information about the badge in the DEFCON book such as what types of components you could add, where to get complete source code, how to debug it, etc. This seemed way more like being led down a path than actually being able to “hack” the badge.

Due to speaking this year and having a bunch of friends from DFW in town partying and gambling I didn’t really do the DEFCON social/party thing. I didn’t even have time to attempt Caezar’s Challenge, which from what I could tell merged this year with the Ninja Networks party since the challenge was on the back of the Ninja party pass. Oh well, the couple hundred bucks I made playing BlackJack and hanging out with my DFW friends was worth it.

Out of the presentations and events I attended, here’s my thoughts:


Speaking at DEFCON 15

May 19, 2007

I’ve been invited to speak at DEFCON 15 this August which is being held at the Riviera Hotel & Casino in Las Vegas. I’ll be presenting on some new research I’ve been working on involving VoIP and steganography. The presentation will be entitled “Real-time Steganography with RTP.”