Carnal0wnage

View on GitHub

Whoami

Chris Gates
CG
Twitter: @carnal0wnage
Blog: carnal0wnage.attackresearch.com
Slides: www.slideshare.net/chrisgates
Videos: vimeo.com/channels/carnal0wnage

carnal0wnage's github

https://github.com/carnal0wnage/

carnal0wnage's gists

https://gist.github.com/carnal0wnage

Metasploit Stuff

Metasploit Code

Talks Archive

Presentations

Ruxcon 11: "Puple Teaming: One Year After Going From Full Time Breaker To Part Time Fixer" (pdf)
Description: A little over a year ago I made the transition from external security consultant to internal offensive security engineer at Facebook. I went from a full time breaker to part time fixer. This talk is aimed at providing lessons learned and documenting the mindset changes I've made over the last year that I feel can be used by the industry as a whole. I've broken the lessons learned into three primary buckets; Red, Blue, and Purple and the talk will hopefully bring value to anyone working in their respective bucket or assist in their creation/continuing of purple teaming at their company.

Devops Days DC 2015: "DevOoops and How I Hacked You" (pdf) (video)
Description: In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure. Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment. With (Ken Johnson)

DOJ CyberSecurity Symposium 2015: "DevOoops" (pdf)
Descripton: See Below. with (Ken Johnson)

LASCON 2014: "DevOoops" (pdf) (video)
Description: In a rare mash-up, DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates (carnal0wnage) and Ken Johnson (cktricky) will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.

Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. Everything from common misconfigurations to remote code execution will be presented. This is brand new research to bring awareness to those responsible for securing a DevOps environment. (Ken Johnson)

Derbycon 2013: "Windows attacks - AT is the new black" (pdf) (video)
Description: A follow on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon 2011, this talk is aimed at detailing not just escalation from user to admin and admin to system, but persistence and forced authentication as well as a few other treats. (with Rob Fuller)

CUNA: "Top Security Challenges Facing Credit Unions Today" (pdf) (no video)
Description: Top Security Challenges Facing Credit Unions Today given at CUNA SEP 2013

IT Defense 2013/Shmoocon Epilogue 2013: "Big Bang Theory: The Evolution of Pentesting High Security Environments" (pdf) (video)
Description: Big Bang Theory: The Evolution of Pentesting High Security Environments IT Defense 2013/Shmoocon Epilogue 2013 (with Joe McCray)

HackCon 2012: "Dirty Little Secrets They Didn't Teach You In Pentest Class v2" (pdf) [no video]
Description: HackCon (Oslo Norway) 2012: Dirty Little Secrets They Didn't Teach You In Pentest Class v2 (with Rob Fuller)

NoVAHackers Monthly Meeting: "Exploiting Group Policy Preferences (GPP)" (pdf) [no video]
Description: NoVAHackers Monthly Meeting: Exploiting Group Policy Preferences (GPP)

DerbyCon 2012: "Pentesting From A Hot Tub Time Machine" (pdf) (video)
Description: DerbyCon 2012: Pentesting From A Hot Tub Time Machine (with Eric Smith)

DerbyCon 2012: "Dirty Little Secrets They Didn't Teach You In Pentest Class v2" (pdf) (video)
Description: DerbyCon 2012: Dirty Little Secrets They Didn't Teach You In Pentest Class v2 (with Rob Fuller)

SOURCE Boston 2012: "ColdFusion for Penetration Testers" (pdf) (video)
Description: SOURCE Boston 2012: ColdFusion for Penetration Testers"

Bsides ATL 2011: "Pentesting From "Low" to "Pwned" (pdf) [no video]
Description: Bsides ATL 2011: Pentesting From "Low" to "Pwned"

HashDays 2011: "Pentesting From "Low" to "Pwned" (pdf) (video)
Description: HashDays 2011: Pentesting From "Low" to "Pwned"

HashDays 2011: Management Track: "Information Operations for Management or "Why You Should Care About More Than Crimeware"" (pdf--ask for it) [not recorded]
Description: HashDays 2011: Management Track: Information Operations for Management or "Why You Should Care About More Than Crimeware"

Derbycon 2011: "The Dirty Little Secrets They Didn't Teach You In Pentesting Class" (pdf) (video)
Description: Derbycon 2011 The Dirty Little Secrets They Didn't Teach You In Pentesting Class (with Rob Fuller)

Brucon 2011: "The Evolution of Pentesting High Security Environments" (with Joe McCray) (pdf) [no video]
Description: Brucon 2011 Big Bang Theory: The Evolution of Pentesting High Security Environments (with Joe McCray)

Metasploit Auxiliary Modules (pdf) (video)
Description: Metasploit Auxiliary Modules; was asked to do a overview of Metasploit Aux Modules for Metasploit class that was happening at Reverse Space in Northern VA.

SOURCE Boston 2011: "Attacking Oracle Web Applications with Metasploit and wXf" (pdf) (video)
Description: SOURCE Boston 2011 Attacking Oracle Web Applications with Metasploit and wXf

Troopers 11 2011: "Attacking Oracle Web Applications with Metasploit" (pdf) [no video]
Description: Troopers 11 2011 Attacking Oracle Web Applications with Metasploit

BlackHat DC 2011: "Attacking Oracle Web Applications with Metasploit" (pdf) (whitepaper) (video)
Description: BlackHat DC 2011 Attacking Oracle Web Applications with Metasploit

OWASP AppSec DC 2010: "wXf -- Web eXploitation Framework" (pdf) (video)
Description: Web eXploitation Framework with (Ken Johnson)

Information Operations [not recorded]
Description: Information Operations given at West Point NY 2010

CSI 2009: "Penetration Testers: When Auditors Aren't Enough" [not recorded]
Description: CSI 2009 -- Penetration Testers: When Auditors Aren't Enough with (Chris Nickerson)

BruCon 09: "Open Source Information Gathering -- BruCon 09 Edition" (pdf) (video)
Description: Open Source Information Gathering Slides -- BruCon Edition

Defcon 17: "Attacking Oracle with the Metasploit Framework" (pdf) (video) (whitepaper)
Description: Defcon 17 Attacking Oracle with the Metasploit Framework with MC

Blackhat USA 09: "Attacking Oracle with the Metasploit Framework" (pdf) (video) (whitepaper)
Description: BlackHat USA 09 Attacking Oracle with the Metasploit Framework Slides

ChicagoCon 2009: "Attacking Layer 8 Client-side Penetration Testing" (pdf) [not recorded]
Description: ChicagoCon 2009 Attacking Layer 8: Client-Side Penetration Testing

Notacon 2009: "Attacking Layer 8 Client-side Penetration Testing" (pdf) (video)
Description: Notacon 2009 Attacking Layer 8: Client-Side Penetration Testing

SOURCE Boston 2009: "Attacking Layer 8 Client-side Penetration Testing" (pdf) (video)
Description: SOURCE Boston 2009 Attacking Layer 8: Client-Side Penetration Testing

Toorcon 2008: "Open Source Intelligence Gathering" (pdf) (video)
Description: ToorCon 2008 Open Source Intelligence Gathering

ChicagoCon 2008: "Open Source Intelligence Gathering" (pdf)
Description: ChicagoCon 2008 Open Source Intelligence Gathering

ChicagoCon 2007: "Metasploit Day1: "Just the facts" (pdf) (audio)
Description: Metasploit Fundamentals

ChicagoCon 2007: "Metasploit Day2: The Fun Stuff" (pdf) (audio)
Description: Metasploit Exploitation & Post Exploitation

Press

Dirty Little Secrets Talk Interview on ComputerWorld link
Desription: Article + interview about mine and Mubix's Derbycon talk in 2011

Oracle Talk Hype (pdf)
Description: Links to all the Oracle Hype from MC and I's talk in 2009

How to pwn a company without really trying (pdf).
Description: Information Gathering article from Information Security Magazine November 2008 (About the Toorcon talk)

Papers (old)

EthicalHacker.net Articles
https://www.ethicalhacker.net/category/columns/gates

Article: Hacker Defender Rootkit for the Masses (pdf)
Description: Hacker Defender Rootkit How-to for hakin9 magazine.
Published in: hackin9 magazine

Tutorial: Hping2 Basics (pdf)
Description: Basics of using Hping2 and packet reading.
Published on: www.EthicalHacker.net

Tutorial: Metasploit Framework Web Interface v 2.6 (pdf)
Description: Basics of using the Metasploit Framework Web Interface version 2.6.
Published on: www.metasploit.com & www.EthicalHacker.net

Tutorial: TCPDump Basics (pdf)
Description: Basics of using TCPDump.
Published on: LearnSecurityOnline

Tutorial: User2SID-SID2User (pdf)
Description: Basics of using User2SID & SID2User tools.
Published on: windowsecurity.com & LearnSecurityOnline

Tutorial: UserInfo-UserDump (pdf)
Description: Basics of using UserInfo & UserDump.
Published on: www.securitydocs.com & LearnSecurityOnline

Tutorial: Rainbow Tables and Rainbox Crack
Description: Using Rainbow Table & Rainbowcrack and some information on strong passwords.
Published on: windowsecurity.com & www.EthicalHacker.net
Note: The article did pretty well on digg (made the frontpage)...click here to see a screenshot.

Tutorial: HTTP Fingerprinting (pdf)
Description: Some basics of HTTP fingerprinting, concept, tools, & defenses for IIS & Apache.
Published on: LearnSecurityOnline

Tutorial: Metasploit Framework v3 Basics (pdf)
Description: Basics of using MSF v3, goes with the hack videos.
Published on: LearnSecurityOnline

Tutorial: MS Terminal Server Cracking (pdf)
Description: Using TSGrinder, TScrack, and rdesktop to crack TS user accounts. Goes with this video.
Published on: LearnSecurityOnline & EthicalHacker.net
Tools: TScrack v2.1 (Local Copy)
Note: Also good enough to be plagiarized

Tutorial: TEMPEST (pdf)
Description: Got interested in TEMPEST, did research, wrote a paper.
Published on: www.EthicalHacker.net and www.infosecwriters.com