BlackHat USA 2009

Last week and through the weekend I was in Las Vegas for this year’s annual block of hacker conferences, BlackHat USA and DEFCON.  This year was a bit different for me as my employer no longer covers conference expenses (even if you’re speaking!), so since I was there not representing a company and entirely on […]

Simulating DDoS Attacks

Todd Manning and I have a new whitepaper available over at BreakingPoint on simulating Distributed Denial-of-Service (DDoS) attacks using the BreakingPoint product.  You can read more about the paper in my BreakingPoint blog post, or just grab the paper here.  If you’re a BreakingPoint customer, you’ll want the bundled version which comes with test cases […]

Review: The IDA Pro Book

When a book is so well-received by your peers as The IDA Pro Book has been, even if reverse engineering isn’t a huge part of what you do every day, you pretty much have to give it a read.  The creator of IDA Pro, Ilfak Guilfanov, even recommends it himself for a number of reasons, […]

When Magic Lost It’s Magic

Most that know me know that I’m an avid gamer.  I play video games, board games, card games, puzzles, pretty much anything I can get my hands on.  Because I like puzzles and strategy games, I’ve regularly been asked what I think the most strategic game I’ve ever played is, and I’ve gotten more than […]

MD5? Really?

First let me say that this article is not meant to diminish the work that Alexander Sotirov et. all have been doing for the past 6 months.  It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions.  What I’m […]

The Folly of a Scheduled Patch Release Cycle

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well […]

The Problem With the Liberty Dollar

I’m not going to talk about their underlying quest to end the Federal Reserve (with which I wholeheartedly agree), or about their multi-site raid by the FBI last year where all of their current inventory and all of the metals backing the Liberty Dollar warehouse receipts (paper currency) were confiscated.  No, I’m not going to […]

How NOT to Write a Protocol Specification

For the last week or so, I’ve been tasked with implementing Application Simulators in the BreakingPoint product for the OWAMP and TWAMP protocols, RFC 4656 and RFC 5357, respectively.  These are honestly two of the most poorly written protocol specifications that I’ve ever read.  Luckily, they’re rather short.  Not only are many parts vague and […]

What, no ToorCon???

So apparently quite a few people have come to expect and enjoy my summaries of conferences I’ve attended, because I’ve already gotten a number of inquiries as to why I haven’t yet posted about this last weekend’s ToorCon.  In short, it’s because I wasn’t there!