Whoami
Chris Gates
Twitter: @carnal0wnage
Blog: carnal0wnage.attackresearch.com
Slides: www.slideshare.net/chrisgates
Videos: vimeo.com/channels/carnal0wnage
carnal0wnage's github
https://github.com/carnal0wnage/
carnal0wnage's gists
https://gist.github.com/carnal0wnage
Metasploit Stuff
Talks Archive
Presentations
Ruxcon 11: "Purple Teaming: One Year After Going From Full Time Breaker To Part Time Fixer" (pdf)
Description: A little over a year ago I made the transition from external security consultant to internal offensive security engineer at Facebook. I went from a full time breaker to part time fixer. This talk is aimed at providing lessons learned and documenting the mindset changes I've made over the last year that I feel can be used by the industry as a whole. I've broken the lessons learned into three primary buckets: Red, Blue, and Purple, and the talk will hopefully bring value to anyone working in their respective bucket or assist in their creation/continuing of purple teaming at their company.
Devops Days DC 2015: "DevOoops and How I Hacked You" (pdf) (video)
Description: In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment. (with Ken Johnson)
DOJ CyberSecurity Symposium 2015: "DevOoops" (pdf)
Description: See below. (with Ken Johnson)
LASCON 2014: "DevOoops" (pdf) (video)
Description: In a rare mash-up, DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates (carnal0wnage) and Ken Johnson (cktricky) will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. Everything from common misconfigurations to remote code execution will be presented. This is brand new research to bring awareness to those responsible for securing a DevOps environment. (with Ken Johnson)
Derbycon 2013: "Windows attacks - AT is the new black" (pdf) (video)
Description: A follow on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon 2011, this talk is aimed at detailing not just escalation from user to admin and admin to system, but persistence and forced authentication as well as a few other treats. (with Rob Fuller)
CUNA: "Top Security Challenges Facing Credit Unions Today" (pdf) (no video)
Description: Top Security Challenges Facing Credit Unions Today given at CUNA SEP 2013
IT Defense 2013/Shmoocon Epilogue 2013: "Big Bang Theory: The Evolution of Pentesting High Security Environments" (pdf) (video)
Description: Big Bang Theory: The Evolution of Pentesting High Security Environments IT Defense 2013/Shmoocon Epilogue 2013 (with Joe McCray)
HackCon 2012: "Dirty Little Secrets They Didn't Teach You In Pentest Class v2" (pdf) [no video]
Description: HackCon (Oslo Norway) 2012: Dirty Little Secrets They Didn't Teach You In Pentest Class v2 (with Rob Fuller)
NoVAHackers Monthly Meeting: "Exploiting Group Policy Preferences (GPP)" (pdf) [no video]
Description: NoVAHackers Monthly Meeting: Exploiting Group Policy Preferences (GPP)
DerbyCon 2012: "Pentesting From A Hot Tub Time Machine" (pdf) (video)
Description: DerbyCon 2012: Pentesting From A Hot Tub Time Machine (with Eric Smith)
DerbyCon 2012: "Dirty Little Secrets They Didn't Teach You In Pentest Class v2" (pdf) (video)
Description: DerbyCon 2012: Dirty Little Secrets They Didn't Teach You In Pentest Class v2 (with Rob Fuller)
SOURCE Boston 2012: "ColdFusion for Penetration Testers" (pdf) (video)
Description: SOURCE Boston 2012: ColdFusion for Penetration Testers
Bsides ATL 2011: "Pentesting From "Low" to "Pwned"" (pdf) [no video]
Description: Bsides ATL 2011: Pentesting From "Low" to "Pwned"
HashDays 2011: "Pentesting From "Low" to "Pwned"" (pdf) (video)
Description: HashDays 2011: Pentesting From "Low" to "Pwned"
HashDays 2011: Management Track: "Information Operations for Management or "Why You Should Care About More Than Crimeware"" (pdf--ask for it) [not recorded]
Description: HashDays 2011: Management Track: Information Operations for Management or "Why You Should Care About More Than Crimeware"
Derbycon 2011: "The Dirty Little Secrets They Didn't Teach You In Pentesting Class" (pdf) (video)
Description: Derbycon 2011 The Dirty Little Secrets They Didn't Teach You In Pentesting Class (with Rob Fuller)
Brucon 2011: "The Evolution of Pentesting High Security Environments" (with Joe McCray) (pdf) [no video]
Description: Brucon 2011 Big Bang Theory: The Evolution of Pentesting High Security Environments (with Joe McCray)
Metasploit Auxiliary Modules (pdf) (video)
Description: Metasploit Auxiliary Modules; was asked to do an overview of Metasploit Aux Modules for a Metasploit class that was happening at Reverse Space in Northern VA.
SOURCE Boston 2011: "Attacking Oracle Web Applications with Metasploit and wXf" (pdf) (video)
Description: SOURCE Boston 2011 Attacking Oracle Web Applications with Metasploit and wXf
Troopers 11 2011: "Attacking Oracle Web Applications with Metasploit" (pdf) [no video]
Description: Troopers 11 2011 Attacking Oracle Web Applications with Metasploit
BlackHat DC 2011: "Attacking Oracle Web Applications with Metasploit" (pdf) (whitepaper) (video)
Description: BlackHat DC 2011 Attacking Oracle Web Applications with Metasploit
OWASP AppSec DC 2010: "wXf -- Web eXploitation Framework" (pdf) (video)
Description: Web eXploitation Framework (with Ken Johnson)
Information Operations [not recorded]
Description: Information Operations given at West Point NY 2010
CSI 2009: "Penetration Testers: When Auditors Aren't Enough" [not recorded]
Description: CSI 2009 -- Penetration Testers: When Auditors Aren't Enough (with Chris Nickerson)
BruCon 09: "Open Source Information Gathering -- BruCon 09 Edition" (pdf) (video)
Description: Open Source Information Gathering Slides -- BruCon Edition
Defcon 17: "Attacking Oracle with the Metasploit Framework" (pdf) (video) (whitepaper)
Description: Defcon 17 Attacking Oracle with the Metasploit Framework with MC
Blackhat USA 09: "Attacking Oracle with the Metasploit Framework" (pdf) (video) (whitepaper)
Description: BlackHat USA 09 Attacking Oracle with the Metasploit Framework Slides
ChicagoCon 2009: "Attacking Layer 8 Client-side Penetration Testing" (pdf) [not recorded]
Description: ChicagoCon 2009 Attacking Layer 8: Client-Side Penetration Testing
Notacon 2009: "Attacking Layer 8 Client-side Penetration Testing" (pdf) (video)
Description: Notacon 2009 Attacking Layer 8: Client-Side Penetration Testing
SOURCE Boston 2009: "Attacking Layer 8 Client-side Penetration Testing" (pdf) (video)
Description: SOURCE Boston 2009 Attacking Layer 8: Client-Side Penetration Testing
Toorcon 2008: "Open Source Intelligence Gathering" (pdf) (video)
Description: ToorCon 2008 Open Source Intelligence Gathering
ChicagoCon 2008: "Open Source Intelligence Gathering" (pdf)
Description: ChicagoCon 2008 Open Source Intelligence Gathering
ChicagoCon 2007: "Metasploit Day1: "Just the facts"" (pdf) (audio)
Description: Metasploit Fundamentals
ChicagoCon 2007: "Metasploit Day2: The Fun Stuff" (pdf) (audio)
Description: Metasploit Exploitation & Post Exploitation
Press
Dirty Little Secrets Talk Interview on ComputerWorld link
Description: Article + interview about my and Mubix's Derbycon talk in 2011
Oracle Talk Hype (pdf)
Description: Links to all the Oracle Hype from MC's and my talk in 2009
How to pwn a company without really trying (pdf).
Description: Information Gathering article from Information Security Magazine November 2008 (About the Toorcon talk)
Papers (old)
EthicalHacker.net Articles
https://www.ethicalhacker.net/category/columns/gates
Article: Hacker Defender Rootkit for the Masses (pdf)
Description: Hacker Defender Rootkit How-to for hakin9 magazine.
Published in: hakin9 magazine
Tutorial: Hping2 Basics (pdf)
Description: Basics of using Hping2 and packet reading.
Published on: www.EthicalHacker.net
Tutorial: Metasploit Framework Web Interface v 2.6 (pdf)
Description: Basics of using the Metasploit Framework Web Interface version 2.6.
Published on: www.metasploit.com & www.EthicalHacker.net
Tutorial: TCPDump Basics (pdf)
Description: Basics of using TCPDump.
Published on: LearnSecurityOnline
Tutorial: User2SID-SID2User (pdf)
Description: Basics of using User2SID & SID2User tools.
Published on: windowsecurity.com & LearnSecurityOnline
Tutorial: UserInfo-UserDump (pdf)
Description: Basics of using UserInfo & UserDump.
Published on: www.securitydocs.com & LearnSecurityOnline
Tutorial: Rainbow Tables and Rainbow Crack
Description: Using Rainbow Table & Rainbowcrack and some information on strong passwords.
Published on: windowsecurity.com & www.EthicalHacker.net
Note: The article did pretty well on digg (made the frontpage)...click here to see a screenshot.
Tutorial: HTTP Fingerprinting (pdf)
Description: Some basics of HTTP fingerprinting, concept, tools, & defenses for IIS & Apache.
Published on: LearnSecurityOnline
Tutorial: Metasploit Framework v3 Basics (pdf)
Description: Basics of using MSF v3, goes with the hack videos.
Published on: LearnSecurityOnline
Tutorial: MS Terminal Server Cracking (pdf)
Description: Using TSGrinder, TScrack, and rdesktop to crack TS user accounts. Goes with this video.
Published on: LearnSecurityOnline & EthicalHacker.net
Tools: TScrack v2.1 (Local Copy)
Note: Also good enough to be plagiarized
Tutorial: TEMPEST (pdf)
Description: Got interested in TEMPEST, did research, wrote a paper.
Published on: www.EthicalHacker.net and www.infosecwriters.com