|
DoC Informational Literatures |
|
|
|
DoC Informational Literatures |
|
Over the years members of the DoC have amassed a large collection of informational literatures of our own authorship.
It should be assumed that all files are copyrighted by the respective authors and permission should be obtained before reprinting.
- Why Evil is Good
All you need to know...
- Publically available crypto-tools
A lecture given at Defcon 5 as an overview and explanation of publically available crypto-tools.
RealAudio (28k-isdn surestream)
- How to use BSD to set up a firewall/gateway
A lecture given at Defcon 6, this talk covers the basics of using free software to setup a firewall/gateway machine. Basic concepts are reviewed, as is why certain things are important. Step by step instruction with examples are given.
Real Video Real Audio Only surestream)
- HOW MUCH MONEY $$$$$$ WILL YOUR COMPANY MAKE ON THE INTERNET!!!!!!!
An in-depth examination of current trends of thought regarding the, as yet, non-existent cash cow of the internet.
Written in layman's english. 10/96
- CGI Lecture
Notes transcribed and rewritten from two lectures on Basic CGI authoring at the BMUG InternetSIG 9/1/95 and the Bay Area Internet Users Group (BAIUG) 9/6/95.
- ActiveX and Security
A rant about Microsoft's total disregard for the safety of it's users and why ActiveX is not ready for prime time. 11/96
- Practical Collision Detection
as it appears in the Proceedings of the Computer Game Developer's Conference, 1997. Also avalible in the following formats: PDF. Word 97, Word 6, RTF, ASCII (uncompressed), ASCII (zipped), ASCII (gzipped).
- The Beginners Guide to RF hacking
All you need to know to get started in the world of RF Hacking
- Essays and Articles
Random essays on security and stuff.
- An Analysis of Dial-Up Modems and Vulnerabilities
Peter Shipley. Simson L. Garfinkel
This paper formally presents the results of the first large-scale survey of dialup modems. The survey dialed approximately 5.7 million telephone numbers in the 510, 415, 408, 650 and parts of the 707 area codes, and the subsequent analysis of the 46,192 responding modems that were detected.
- Managed Services
July 2001
As the costs of in house service rises, the costs of outsourcing drops. Like network connectivity, host management and web page content generation, firewall and IDS, managed services are becoming economical and more secure solutions.
- Remote Access
Feb 1997
With the increasing popularity of tele-commuting and the need for remote system management and inter-office network connectivity, the demand for remote access is something that cannot be ignored.
- Remote Access #2
March 1997
With the explosive growth of the Internet (and the explosive amounts of hype along with it), traditional security policies and procedures are being ignored and lost in the hype of firewalls and other Internet security technologies.
- Passwords
April 1997
With recent reports from the FBI concerning corporate espionage against U.S.-based companies exceeding $300 billion in 1997 alone, companies should guard their doors from unwelcome intruders now more then ever.
- Risk Management and Fault Tolerant Networks
June 1997
This months article is to covers the basics of Risk Management with regards to your Intranet and Internet presence.
Risk management is the systematic process of managing an organization's risk exposures in a effort to achieve a more reliable fault tolerant environment.
Simply put, it's a method for comparing potential gain against potential loss.
- The Threat from Within
July 1997
Incidents of both internal and external computer crimes appear to be on the rise. Recent surveys indicate that disgruntled employees may account for up to eighty-nine percent (89%) of attacks and security.
Lectures & Slides
Here are slides for lectures I have given
- LanJacking and WarDriving
A review of the state of security of wireless lans (WLANs) including the early results of a 18 month "Wardriving" WLAN Survey where statics have been collectd and analyzed revealing the shocking state of insecurity with today's deploied wireless networks.
A formal paper is soon to follow
740 in PDF format
- Wardialing in the 90's
Results of over two years of wardialing in the BayArea demonstrating that security weakness are still common viable threat. As of 1/1/98 the sample size is over five hundred and seventy (571) exchanges scanned, covering over five million numbers (5680296) and over forty-six thousand (46037) modem carriers.
Also see formal paper/essay list above.
61K in PDF format
- TCP/IP and its Weaknesses and Vulnerabilities
This lecture will cover basics security problems relating to TCP/IP Networks and applications. Most of the exploits discussed will be on the network level although a few examples of application level attacks will be discussed This lecture is geared toward Novices
54K in PDF format
- Third Party Audits
While it is common knowledge that a programmer should not perform QA on the code that s/he developed, the same can be said for validating the security integrity of a corporate site, network or software project. This talks about what to expect from a Third Party Audit as well as the different types of audits that avalible.
284K in PDF format
Patents:
Intelligent network security device and method
6,119,236 / 6,304,975
"An intelligent network security device ("INSD") operates in a local area network (""LAN") according to an intelligent network security method. The LAN has a plurality of computers and connects to the internet through a firewall. The INSD resides within the LAN such that data traversing between the LAN and the internet is accessible thereto. The INSD looks for code and patterns of behavior and assigns a value to perceived attempted security breaches. The INSD then directs the firewall to take any of a prescribed plurality of actions, based upon such value."
Phrack Articles
These are a few Articles I wrote for Taran King & Knight Lightning for Phrack Magazine a dacade ago.
- Unix Cracking Tips
Issue 25, File 5 of 11, [March 17, 1989]
The purpose of this file is to present tips for budding Unix hackers. The audience this is aimed at are those that are experienced at working with basic Unix, but not in the cracking aspects.- Sending Fakemail In Unix
Issue 25, File 8 of 12, [May 26, 1989]
Here is a shell script that can be use to send fakemail from any Unix system. Have fun and stay out of trouble.- Snarfing Remote Files
Issue 28, File #6, [October 7, 1989]
Simple intructions on using TFTP, UUCP and some older sendmail exploits.
Recorded Lectures
Here are recordings of some lectures I have given in the past that people recorded.
- Security Auditing
Defcon 3, Las Vegas 1995
This panel talks about various aspects of auditing clients, the problems with reporting, and war stories and advice from a variety of perspectives.
Real Audio (28k-isdn surestream)- Wardialing
Defcon 6, Las Vegas 1998
Presented is an an overview of a four year effort in massive multi-modem wardialing. These findings include some personal observations and the results obtained from scanning the San Francisco/Bay Area. This research was started it was noted that there were no published research references to wardialing or documented statistical results of the types of equipment and computer networks commonly found on the POTS (Plain old telephone system) network. Mr. Shipley decided to change that through his research.
Real Audio (28k-isdn surestream) Slides 61K in PDF format- Net Hacks and Defenses
CFP'98. Austin TX 1998
A tutorial covering cover some well-known and lesser-known host hacking techniques, hacker culture, and several promising methods for hardening the networks against all manner of terrorist and other attacks. Real Audio- LDAP Security
Blackhat '99 Las Vegas 1999
The lecture, done with Tom Jackiewicz, talk of the potential security problems in an LDAP environment.
Common errors and assumptions will be discussed as well as techniques used by network intruders to compromise LDAP servers and related systems and harvest data.
Real Audio- Intro to TCP/IP exploits
Defcon 7, Las Vegas 1999
Presented is an an intro to TCP/IP exploits, one of the most popular talks that year.
Real Video Real Audio OnlyOther Writings
- CLUB Edict
Commentary on how to behave at a nightclub.
- Lectures and Essays
Various Lectures and Writings.
- Copyright Vs. Free Speech
This Lecture, as presented at Defcon 6, is a description of the flaws in today's copyright system, and a (prescient) prediction of the disastrous consequences of the then pending DMCA.- CALEA Carnivore Lecture
This Lecture, as presented at IS2K in Korea, is about CALEA, Carnivore and possible Countermeasures. It presents an overview of the state of surveillance in the world today, introduces some of the many threats to data (some overt, most covert) and highlights the value of security in a very insecure world.- Quantum Computing (slides)
This Lecture, as presented at Defcon 9, is an introduction to the theory, technology, and potential of quantum computing, especially as it relates to cryptography. Also available, the raw notes from the lecture.- Wearable Computing
Slides from a lecture given to the graduate students at the Interaction Design Institute Ivrea on the technology behind wearable computers.- Patents
Issued Patents.
- 5,659,378/ 5,396,351
Polarizing fiber-optic layer for use with a flat panel display device.- 6,075,967/ 5,816,823
Input device and method for interacting with motion pictures incorporating content-based haptic feedback.- 5,971,156
Semiconductor chip tray with rolling contact retention mechanism.- 6,839,935
Methods and apparatus for cleaning optical connectors.
- Introduction to computer Viruses
This class given at defcon 7 covers how different virus work and how to defend agent them, including: Boot Sector Virus, File infecters, Multipart, Macro, and Fakes in the world.
Real Video Real Audio Only- Lock Picking explored
This Lecture, as presented at Defcon 7, V1rus presents a Lock picking class and covering Hand cuffs, improv picks. The Video also explores a cut away pin tumbling lock made by *Hobbit*.
Real Video Real Audio Only
>
To Dis.Org Root Tree
hitwat@dis.org