Exploits for Kaminsky’s DNS Cache Poisoning Flaw

July 23, 2008

I patched the second Kaminsky told us all to ~15 days ago… did you?

Metasploit blog post about these exploits.

Context-keyed Payload Encoding Whitepaper

January 28, 2008

Today, my research paper entitled “Context-keyed Payload Encoding” was published in Uninformed Journal vol. 9. If you’re into exploitation technology, you should check it out. This is the research I presented at ToorCon 9 last October.

Real-time Steganography with RTP Whitepaper

September 18, 2007

My paper detailing the research I presented last month at DEFCON 15 was published today in Uninformed Journal Vol. 8. The paper is entitled “Real-time Steganography with RTP”; it describes using steganographic techniques to establish a covert channel within the protocol commonly used for the media channel in VoIP calls, and it presents a reference implementation.

Real-time Steganography with RTP

August 9, 2007

Last weekend I gave my presentation at DEFCON 15 entitled Real-time Steganography with RTP. At the same time, I released my reference implementation for the research which is called SteganRTP.

First, let me say that I hate computers. I hate them, hate them, hate them. Upon booting up my laptop in the speaker green room prior to my talk it decided to have all kinds of problems with my live demo setup. The audio was choppy, the endpoints didn’t want to sync up, basically mass chaos all contained within my laptop. Luckily I had gotten to the green room fairly early so after some quick debugging and a reboot everything was operating fine. It was a close call though, as the very minute I got it all back to normal it was time to walk down to the room I was scheduled to speak in.

My talk was essentially about a research project I’ve been working on for the past couple months in what little spare time I’ve had at home involving hiding a data communications protocol inside a VoIP call’s audio. My talk went well, although I did rush through it a bit hoping to end close to my allotted 50 minutes but I actually ended up finishing about 10 minutes early. Since I finished early I went ahead and took questions there in addition to later in the Q&A room for my track. I had some fairly good questions and one stupid question from intropy & co. at the back of the room (: I then went over to my Q&A room where this one guy proceeded to ask me questions for almost the entire next hour.

Anyhow, my presentation went really well, and you can check out the slides and the tool at the links above.

Underground Scene Dying?

July 5, 2007

A few days ago I was reading an article from the recently released Phrack 64 entitled A brief history of the Underground scene by Duvel. In his article, he suggests that the “Underground scene” is dying, and a large part of that is being contributed to by the commercialization of information security and hacking. He also suggests that what it means to be an elite hacker or security expert now is to come up with something novel like a new way to encode shellcode or deliver an exploit payload, and then go on the “conference circuit”:

Another incredible thing about these security conferences is what I would call the “conference circuit”. Nowadays, if you are a security expert, the trend is to give the same talk at different security conferences around the world. More than 50% of all security experts are doing this. They go to America for BlackHat, Defcon and CanSecWest, after that they move on to Europe, and they finish in Asia or Australia. They can even do BlackHat America, BlackHat Europe and BlackHat Asia! Like Roger Federer or Tiger Woods, they try to do the Grand Slam! So you can find a conference talk given in 2007 which is more or less the same as one in 2005. Thus it seems we now have a new profession in our wonderful security world: “conference runner”!

In a sense, I tend to agree with him about speakers and conferences. In fact, I maintain a Google Calendar of just such conferences, and believe me, there are a lot of them, and many of them present the same material to different geographic regions. However, I don’t necessarily agree with him that the Underground scene is “dying”…