Papers & Presentations

Presentations

  Bsides ATL 2011: Pentesting From "Low" to "Pwned" (pdf) [no video]
  Description: Bsides ATL 2011: Pentesting From "Low" to "Pwned"
  HashDays 2011: Pentesting From "Low" to "Pwned" (pdf) (video)
  Description: HashDays 2011: Pentesting From "Low" to "Pwned"
  Derbycon 2011 The Dirty Little Secrets They Didn't Teach You In Pentesting Class (pdf) (video)
  Description: Derbycon 2011 The Dirty Little Secrets They Didn't Teach You In Pentesting Class (with Rob Fuller)
  Brucon 2011 The Evolution of Pentesting High Security Environements (with Joe McCray) (pdf) [no video]
  Description: Brucon 2011 Big Bang Theory: The Evolution of Pentesting High Security Environements (with Joe McCray)

  SOURCE Boston 2011 Attacking Oracle Web Applications with Metasploit and (wXf) (pdf) (video)
  Description: SOURCE Boston 2011 Attacking Oracle Web Applications with Metasploit and wXf
  Troopers 11 2011 Attacking Oracle Web Applications with Metasploit (pdf) [no video]
  Description: Troopers 11 2011 Attacking Oracle Web Applications with Metasploit
  BlackHat DC 2011 Attacking Oracle Web Applications with Metasploit (pdf) (whitepaper) (video)
  Description: BlackHat DC 2011 Attacking Oracle Web Applications with Metasploit
  wXf -- Web eXploitation Framework (pdf) (video)
  Description: OWASP AppSec DC 2010 Web eXploitation Framework with (Ken Johnson)
  Information Operations [not recorded]
  Description: Information Operations given at West Point NY 2010
  Penetration Testers: When Auditors Aren't Enough [not recorded]
  Description: CSI 2009 -- Penetration Testers: When Auditors Aren't Enough with (Chris Nickerson)
  Open Source Information Gathering -- BruCon 09 Edition(pdf) (video)
  Description: Open Source Information Gathering Slides -- BruCon Edition
  Defcon 17 Attacking Oracle with the Metasploit Framework(pdf) (video) (whitepaper)
  Description: Defcon 17 Attacking Oracle with the Metasploit Framework Slides
  Blackhat USA 09 Attacking Oracle with the Metasploit Framework (pdf) (video) (whitepaper)
  Description: BlackHat USA 09 Attacking Oracle with the Metasploit Framework Slides
  ChicagoCon 2009 Attacking Layer 8 Client-side Penetration Testing (pdf) [not recorded]
  Description: ChicagoCon 2009 Attacking Layer 8: Client-Side Penetration Testing
  Notacon 2009 Attacking Layer 8 Client-side Penetration Testing (pdf) (video)
  Description: Notacon 2009 Attacking Layer 8: Client-Side Penetration Testing
  SOURCE Boston 2009 Attacking Layer 8 Client-side Penetration Testing (pdf) (video) (video BlipTV)
  Description: SOURCE Boston 2009 Attacking Layer 8: Client-Side Penetration Testing
  Toorcon 2008: Open Source Intelligence Gathering (pdf) (video)
  Description: ToorCon 2008 Open Source Intelligence Gathering
  ChicagoCon 2008: Open Source Intelligence Gathering (pdf)
  Description: ChicagoCon 2008 Open Source Intelligence Gathering
  ChicagoCon 2007 Metasploit Day1: "Just the facts" (pdf) (audio)
  Description: Metasploit Fundamentals
  ChicagoCon 2007 Metasploit Day2: The Fun Stuff" (pdf) (audio)
  Description: Metasploit Exploitation & Post Exploitaton


Press
  Oracle Talk Hype (pdf)
  Description: Links to all the Oracle Hype from MC and I's talk in 2009
  How to pwn a company without really trying (pdf)
  Description: Information Gathering article from Information Security Magazine November 2008 (About the Toorcon talk)


Papers (old)

 Article: Hacker Defender Rootkit for the Masses (pdf)
 Description: Hacker Defender Rootkit How-to for hakin9 magazine
 Published in: hackin9 magazine
 Tutorial: Hping2 Basics (pdf)
 Description: Basics of using Hping2 and packet reading.
 Published on: www.EthicalHacker.net

 Tutorial: Metasploit Framework Web Interface v 2.6 (pdf)
 Description: Basics of using the Metasploit Framework Web Interface version 2.6.
 Published on: www.metasploit.com & www.EthicalHacker.net

 Tutorial: TCPDump Basics (pdf)
 Description: Basics of using TCPDump
 Published on: www.LearnSecurityOnline.com
 Tutorial: User2SID-SID2User (pdf)
 Description: Basics of using User2SID & SID2User tools
 Published on: www.windowsecurity.com & LSO

 Tutorial: UserInfo-UserDump (pdf)
 Description: Basics of using UserInfo & UserDump
 Published on: www.securitydocs.com & LSO
 Tutorial: Rainbow Tables and Rainbow Crack
 Description: Using Rainbow Table & Rainbowcrack and some information on strong passwords.
 Published on: www.windowsecurity.com & www.EthicalHacker.net
 Note: The article did pretty well on digg (made the frontpage)...click here to see a screenshot.
 Tutorial: HTTP Fingerprinting (pdf)
 Description: Some basics of HTTP fingerprinting, concept, tools, & defenses for IIS & Apache.
 Published on: www.LearnSecurityOnline.com

 Tutorial: Metasploit Framework v3 Basics (pdf)
 Description: Basics of using MSF v3, goes with the hack videos.
 Published on: www.LearnSecurityOnline.com

 Tutorial: MS Terminal Server Cracking (pdf)
 Description: Using TSGrinder, TScrack, and rdesktop to crack TS user accounts. Goes with this video.
 Published on: www.LearnSecurityOnline.com & EthicalHacker.net
 Tools: TScrack v2.1 (Local Copy)
 Note: Also good enough to be plagarised

 Tutorial: TEMPEST  (pdf)
 Description: Got interested in TEMPEST, did research, wrote a paper.
 Published on: www.EthicalHacker.net and www.infosecwriters.com

Home