More Video On DanKam
Categories: Security
Leave a Reply Cancel reply
Major Projects
Phreebird: Zero Configuration DNSSEC
Interpolique: Easy Cross Language Injection Defense For The Web
DanKam: Augmented Reality for Color Blindness
Security Talks
2010
Introducing The Domain Key Infrastructure:
Zero Configuration DNSSEC Serving, End-To-End Client Integration w/ UI Via OpenSSL and Secure Proxies, Federated OpenSSH, DNS over HTTP/X.509, Self-Securing URLs, Secure Scalable Email (Finally!)
Slides
Code (Phreebird Suite)
Black Hat USA Slides
Interpolique:
Where's The Safety in Type Safety?, Preventing Injection Attacks (XSS/SQL) With String Safety, Why Ease Of Use Matters, Automatic Query Parameterization, How LISP Was Right About Dynamic Scope, Dynamic DOM Manipulation For Secure Integration of Untrusted HTML
Slides Audio
Code
Realism in Web Defense:
Why Security Fails, What's Wrong With Session Management On The Web, The Failure Of Referrer Checking, Interpreter Suicide, Towards a Real Session Context, Treelocking, The Beginnings of Interpolique
Slides
2009
Staring Into The Abyss:
Middleware Fingerprinting, Firewall Rule Bypass, Internal Address Disclosure, Same Origin Attacks Against Proxied Hosts, TCP NAT2NAT via Active FTP And TCP Spoofing
Slides Paper
Black Ops Of PKI:
Structural Weaknesses of X.509, Architectural Advantages of DNSSEC, ASN.1 Confusion, Null Terminator Attacks Against Certificates
Slides Video
Financial Cryptography Paper
2008
It's The End Of The Cache As We Know It:
DNS Server+Client Cache Poisoning, Issues with SSL, Breaking “Forgot My Password” Systems, Attacking Autoupdaters and Unhardened Parsers, Rerouting Internal Traffic
Black Hat Slides
BH Fed Slides (Adds Drupal, DNSSEC)
Video Audio
"Illustrated Guide To The Kaminsky Bug"
Sarah on DNS
Ad Injection Gone Wild:
Subdomain NXDOMAIN injection for Universal Cross Site Scripting
Slides
2007
Design Reviewing The Web:
DNS Rebinding, VPN to the Browser, Provider Hostility Detection, Audio CAPTCHA Analysis
Slides Video
2006
Pattern Recognition:
Net Neutrality Violation Detection, Large Scale SSL Scanning, Securing Online Banking, Cryptomnemonics, Context Free Grammar Fuzzing, Security Dotplots
Slides
Weaponizing Noam Chomsky, or Hacking with Pattern Languages:
The Nymic Domain, XML Trees For Automatically Extracted Grammar, Syntax Highlighting for Compression Depth, Live Discovered Grammar Rendering, "CFG9000" Context Free Grammar Fuzzer, Dotplots for Format Identification and Fuzzer Guidance, Tilt Shift Dotplots, Visual Bindiff
Slides Video Code
2005:
Black Ops of TCP/IP 2005.5:
Worldwide DNS Scans, Temporal IDS Evasion, the Sony Rootkit, MD5 Conflation of Web Pages
Slides Video
2004:
MD5 To Be Considered Harmful Someday:
Applied Attacks Against Simple Collisions Via Malicious Appendage, Executable Confusion, Auditor Bypass, Bit Commitment Shirking, HMAC Implications, Collision Steganography, P2P Attacks Against Kazaa Hash
Slides Paper
Code (Confoo)
Code (Stripwire)
Black Ops of DNS:
Tunneling Audio, Video, and SSH over DNS
Slides Audio
Code (OzymanDNS 0.1)
Code (OzymanDNS 0.1 for Windows)
2003:
Stack Black Ops:
Generic ActiveX, SQL for Large Network Scans, Bandwidth Brokering, SSL for IDS’s
Slides Audio
Code (Paketto Keiretsu 2.00pre5)
2002:
Black Ops of TCP/IP:
High Speed Scanning, Parasitic Traceroute, TCP NAT2NAT
Slides Audio 1 Audio 2
Code (Paketto Keiretsu 1.01)
2001:
Gateway Cryptography:
SSH Dynamic Forwarding, Securing Meet-In-The-Middle, PPTP over SSH
Slides Audio
SSH Cheat Sheet
Other Research
@dakami
- RT @dangoodin001: RT @thorsheim: "Password Crackers Hierarchy of Needs" twitpic.com/csjult #passwords13 passwordscon.org 10 hours ago
- RT @bmirvine: @dakami I think x.25 celebrated in Los banos. 10 hours ago
- Ethernet, a major tech that enabled the Internet, is celebrating it's 40th in Los Gatos, CA. Los Gatos == THE CATS #ethernet40 11 hours ago
- RT @rstevens: Due to recent gains in productivity, I would like to announce that we can now afford to hate both the player AND the game 12 hours ago
- RT @igrigorik: as usual, SIGGRAPH 2013 trailer is full of mind-blowing research: bit.ly/12RpTTE - it's the future, today.. 12 hours ago
- RT @sapinker: Beware of experimental economic games interpreted at face value rather than in the light of players' perceptions - Ahttp://b… 13 hours ago
- washingtonpost.com/politics/presi… Full Transcript of President Obama's speech on National Security. 14 hours ago
Dan, Great press! http://wp.me/p1dCEP-Ak
I can’t wait for the upgrade! Please don’t forget my suggestion of flipping the color wheel for us CB artists. Thank you so much. I use it all the time.
Dan
Great app and contribution for people with problems visualing color.
I see a need for a converse app that will aid normal sighted people in visualizing some forms of color blindness.
Why ?
Because it could aid designers of web pages to traffic signs, an ability to create designs that are more useful and helpful to people with the most common color deficiencies.
I would like to contribute what I can to such an app.
thankyou for your work
Jim Bigley