Tuesday, September 15, 2009
DOD Cyber Crime Conference 2010
My and Randy Robbins' presentation on Apple TV forensics was accepted for the 2010 DOD Cyber Crime Conference in January. This presentation will be much more in depth than the Defcon 17 presentation and will include the demo of a new tool for information gathering on Apple TV systems.
Tuesday, October 14, 2008
I need a job like that....
So, I was in the process of going through my email and noticed a new LinkedIn notification. Once I was inside my LinkedIn account I found yet another invite (but one that I don't remember seeing a notification for in my email). After accepting the invite I partook in the normal activities of seeing the person's profile, checking out where they work, etc. just to catch up.
Apparently, where Curt now works you can not only blog at work but also work on your digital stalking skills...that's just plain great. So now I'm lobbying my management to allow me to do the same.
Apparently, where Curt now works you can not only blog at work but also work on your digital stalking skills...that's just plain great. So now I'm lobbying my management to allow me to do the same.
"Blogger, blog thyself"
Yeah, so I was in the middle of filling out a form on InformIT (registering to be a book reviewer) when it asked how often I post to blogs. Well, certainly a couple of times a month....then it asked for the URL of my blog. Oh, that's right...even though I post to a lot of other blogs and lists I should probably start keeping mine up to date.
Richard
Richard
Thursday, March 27, 2008
SANS GSEC
I never post anything here basically because I very rarely have something that a) could possibly interest anyone else and/or b) is something that I'm allowed by law or non-disclosure agreements to talk about.
That changed today....
So I finally decided to attend a "certification" class so I could have something on my resume besides the degrees and experience (since so many companies ask if you have a CISSP or GIAC). The company I work for has an agreement in place with SANS for certain classes and one of the GSEC classes had an opening. Apparently in order to get a GIAC you need to take several classes and the GSEC can count towards that number. So, what the hell I'm taking the class spending a nice week in Annapolis Junction, MD. Since most of the stuff in the GSEC is pretty basic I'm also getting some school work done and catching up on the latest exploits and tools. Every now and then a topic comes up in class that interests me and I'll tune in and offer whatever comments I have, etc.
So the topic of Bluetooth comes up and the instructor is generally giving the same information that most people put out and the class is starting to get that look of, "I can't believe anyone actually uses this technology since it is so hackable". Of course it isn't as bad as that and with a little configuration and sense the technology is just fine for what it is used for (in other words you can probably use it for your phone headset but you probably don't want to use it to transmit national security secrets). Right after I get off my pedestal the instructor agrees and we all move on. Next thing I know he says, "and here is a screenshot of the BlueScanner tool being used at a hacker convention" and my friend (who also knows too much to actually be in this class and who was with me at that convention) says, "hey, look....and there's Kevin's name!"
Yup, that's right...its the first time that the Wall of Sheep used BlueTooth at DefCON in 2005. That also happens to be the time that I ended up getting in an argument with some other attendees about how vulnerable BlueTooth really is and I put my money where my mouth was...I put my MacBook Pro and Treo on "discoverable" and hung out in the main area for most of the day/night (which isn't hard since I'm on staff at DefCON as well). Suffice it to say that neither was broken into, no data was changed, traffic exchanged, etc.
So, if you look at the SANS GSEC "Security 401, Security Essentials Bootcamp Style 401.4, Secure Communications" book on page 231 you'll see my name. I'll post a picture of the screenshot or something later.
That changed today....
So I finally decided to attend a "certification" class so I could have something on my resume besides the degrees and experience (since so many companies ask if you have a CISSP or GIAC). The company I work for has an agreement in place with SANS for certain classes and one of the GSEC classes had an opening. Apparently in order to get a GIAC you need to take several classes and the GSEC can count towards that number. So, what the hell I'm taking the class spending a nice week in Annapolis Junction, MD. Since most of the stuff in the GSEC is pretty basic I'm also getting some school work done and catching up on the latest exploits and tools. Every now and then a topic comes up in class that interests me and I'll tune in and offer whatever comments I have, etc.
So the topic of Bluetooth comes up and the instructor is generally giving the same information that most people put out and the class is starting to get that look of, "I can't believe anyone actually uses this technology since it is so hackable". Of course it isn't as bad as that and with a little configuration and sense the technology is just fine for what it is used for (in other words you can probably use it for your phone headset but you probably don't want to use it to transmit national security secrets). Right after I get off my pedestal the instructor agrees and we all move on. Next thing I know he says, "and here is a screenshot of the BlueScanner tool being used at a hacker convention" and my friend (who also knows too much to actually be in this class and who was with me at that convention) says, "hey, look....and there's Kevin's name!"
Yup, that's right...its the first time that the Wall of Sheep used BlueTooth at DefCON in 2005. That also happens to be the time that I ended up getting in an argument with some other attendees about how vulnerable BlueTooth really is and I put my money where my mouth was...I put my MacBook Pro and Treo on "discoverable" and hung out in the main area for most of the day/night (which isn't hard since I'm on staff at DefCON as well). Suffice it to say that neither was broken into, no data was changed, traffic exchanged, etc.
So, if you look at the SANS GSEC "Security 401, Security Essentials Bootcamp Style 401.4, Secure Communications" book on page 231 you'll see my name. I'll post a picture of the screenshot or something later.
Subscribe to:
Posts (Atom)