Battle: Moscone Center (Part 1)
For the past decade, I've been avoiding the RSA Conference like the plague, ever since I came to the realization that blinkenlights, booze, buzzwords, and booth babes don't actually solve security...
Miscellaneous repo
After putting it off for a while, I finally got around to committing the first of my little "miscellaneous" scripts, snippets, etc. from "then" and "now." There are only a couple of things there right...
BeaCon!
As the three people reading my blog may know, I'm involved with MassHackers, a sort of meetup group in the Boston area (somewhat styled after AHA). We recently decided, in a mad rush of surprisingly...
TEAM JOCH Presents: Lessons In Mobile Penetration Testing
I will be teaming up once again with my good buddy, teen idol sensation, and the first half of the "JOCH" in "TEAM JOCH", Mr. Jon Oberheide, to teach a two-day training session on mobile...
Slides and video from TEAM JOCH's ShmooCon 2011 presentation
I finally got around to uploading the slides from the talk Jon Oberheide and I gave at ShmooCon this year ("TEAM JOCH vs. Android: The Ultimate Showdown"). The slides can be found, as PDF, at...
Quick and dirty pcap slicing with tshark and friends
Network protocols are complex. Reconstructing data structures out of pcap-formatted datastreams manually is tough. Packet loss and fragmentation make things tougher. Analyzing anything above the...
OWASP Mobile Top 10 Risks at AppSec USA
(Cross-posted from the Intrepidus Group Insight blog) As one of the project leaders for the OWASP Mobile Security Project, it behooved me to help present, nay unveil the Release Candidate of the OWASP...
Voight-Kampff'ing The BlackBerry PlayBook - SOURCE Boston 2012
This past week, Ben and I presented at SOURCE Boston 2012 what (we hope) is the third and final iteration of our BlackBerry PlayBook talk, entitled "Voight-Kampff'ing The BlackBerry PlayBook". Though...
Errata to "Avoiding Android App Security Pitfalls" preso
In mid-July of this year, I presented "Avoiding Android App Security Pitfalls" at Mobile+Web DevCon 2012 in San Francisco, CA (NOTE: I also gave a similar talk at CAD Inc's IT Hot Topics conference)....
BeaCon 2013!
For the *third* year in a row, MassHackers (a "meetup"-ish group I co-founded with a few other folks [during my time in Boston], and currently organized by Brandon Tansey) will be holding its...
Lessons In Mobile Penetration Testing at SOURCE Boston 2013
I'll once again be giving "Lessons In Mobile Penetration Testing" at SOURCE Boston this year. The class is currently undergoing some restructure, including revised class material, new/updated labs, and...
SOURCE Boston Capture The Flag Competition
In case you hadn't already heard, SOURCE Boston and MassHackers are teaming up to put on a Capture The Flag (CTF) competition April 18-19, right after SOURCE Boston and just before MassHackers' BeaCon...
Some UnSexy CSipSimple Flaws
I decided to take a very quick pass at Android API-level issues in the CSipSimple SIP application for Android. I recently began testing this app out after signing up for an OSTEL account, where they...