Published Work

(actively building this out)

2018: Recon for Defenders (RSA 2018) – Forthcoming

2017: Attack Surface Discovery with Intrigue (DEFCON 25 Recon Village) – This talk could be considered Intrigue-Core 101, introducing some of the concepts of the framework and how they come together to allow fast and accurate recon of an organization. Quick talk packed with live demos for extra win.

2015: Hard Knock Lessons on Bug Bounties (Appsec EU) – A continuation of the work put together for Derbycon and a deeper exploration of edge cases in bug bounties and how they can catch both program owners and researchers. Novel data and findings on success in a bug bounty.

2014: Everybody Gets Clickjacked (Derbycon) – An early exploration of the Bugcrowd data, and edge cases that can catch both researchers and program owners. Novel data and ideas about Bug Bounties. I’m not much to look at, but the data is pretty.

2013: Operation TUNA aka Happy Fun MTA Exploration (Austin Hackers Anonymous) – This presentation was a ton of fun to put together and deliver. Essentially we crafted and sent emails designed to bounce back, collecting the results and using them to broadly fingerprint organizations. I think we failed to anticipate how WEIRD some stuff is out there on the Internet. Novel ideas about how to broadly fingerprint organizations on the internet.

2013: Practical Man-in-the-Middle (MitM) For Pentesters (SOURCE Boston) – An attempt to round up the currently working (and currently automated) techniques for assessors. The techniques discussed were not novel, and it built on the prior work of many others – but at the time was the best collection of this kind of information available in a single place.

2012: Advanced Persistent Pentesting (Hacker Halted Miami) – A survey of publicly available Tactics, Tools, and Procedure (TTP) information about what was becoming known as an Advanced Persistent Threat (APT) and what later came to be called a Nation-state actor. Through this analysis, I discussed how the techniques being used were largely similar to the current state of the art in penetration testing, and advocated that Enterprise security teams focus on red team tactics.

2011: E.A.R. – Extensible API for Reconnaissance (Masshackers) – An early exploration of the possibilities of automated OSINT. E.A.R. was a framework for organization-focused recon, and this talk/demo showed how it worked and how the ideas could be extended to a multitude of possibilities for the pentester.