Top Tweets for #hackerthrowback
#hackerthrowback me giving one of the first talks at the first bsides at the house @indi303 rented in vegas
#hackerthrowback For the young hackers who don't know all the history yet, and since we've been talking about some of this recently: Here is a list of all the papers / talks I can remember giving:
2004 Reverse Engineering Malcious Binaries - focusing on unix malware and RE approaches. - https://t.co/4FsfepMjWW
2004 Discovering and Exploiting HTTP Vulnerabilities - Early example of MiTM attacks against a CUPS print server web application. - https://t.co/J4rfDh073u
2004 Advanced Firewall Penetration Methos (with Delchi) - Approaches for bypassing firewalls, session hijacking, reverse shells, VPN piggybacking, tunneling to bypass egress filtering. - https://t.co/itt9I2mhCZ
2005 Finding and Exploiting Simple Local Buffer Overflows - Talks through intel CPU architecture, finding vulnerable target binaries, early fuzzing, dynamic instrumentation to analyze memory, shell code development, and exploitation. https://t.co/1Q30iIxdmH
2006 Defcon - Hacking Malware - Virtual machine detection, ways of bypassing malware obfuscation, trampoline exploits against malware (like Sasser) and the release of Offensive Computing (an automated malware analysis and community site similar to Virustotal before Virustotal existed.) https://t.co/yzp1jyw9Zt Also the exploit / metasploit module : https://t.co/CBk07ecWLc
2006 Detecting the Presence of Virtual Machines Using the Local Data Table (with Quist) - Virtual machine detection was important in advanced malware armoring. This paper gives a new approach. https://t.co/UZWwvBbdOP
2006 Defcon Further Down the VM Spiral (with Quist) - More advanced approaches to virtual machine detection. https://t.co/9U5irpPvRo
2006 Around this time Quist and I gave a lecture at The Santa Fe Institute on automated malware analysis. I can't find any records about it as it was a private small Summit event with major CTOs and execs (Microsoft, CISCO, etc.)
2007 Blackhat and Defcon - Covert Debugging Circumventing Software Armoring (with Quist) - Techniques for automated unpacking / deobfuscating of malware - https://t.co/TGgiKq7Cpm https://t.co/HJbZewoRo3 https://t.co/dMXGnfxFQF
2007 Defcon Malware Secrets (with delchi) approaches to gathering threat and brand intelligence from a huge malware collection. Release of PIZDA tool. AV comparatives. - https://t.co/xHtLzoXNNm https://t.co/Du0hgSVgGJ
2007 Blackhat and Defcon - Tactial Exploitation (with HDM) - A ton of hacker techniques for breaking into systems including ssh hijacking, kerberos ticket stealing, all kinds of enumeration, war dialing. This talk became a training class for many years. We had like 5000 people in the audience, the fire marshal came. - https://t.co/WJUMiNVMYr https://t.co/IjwVHiv7Pr https://t.co/dJkoK5YPF1
Around this time I gave a guest lecture at New Mexico Tech on memory corruption exploitation.
2008 ShmooCon – Malware Software Armoring Circumvention (also referred to as Covert Debugging: Circumventing Software Armoring Techniques) (with Danny Quist) - This was the follow-up/expanded version of the 2007 Black Hat/DEF CON covert debugging talk. It covered the Saffron covert debugging platform using dynamic instrumentation and page-fault assisted debugging to unpack/obfuscated malware without triggering anti-analysis tricks.
Defcon 2008 Meta-Post Exploitation - Post-exploitation techniques including how to manage 1000s of passwords, cracking sessions, spraying, stealthy supply chain attack examples, and released the tools MetaPass, MassNetUse, MassWinEnum, AtAbuse - https://t.co/UyUbyJzrmR https://t.co/KHQ92YmZf6
Blackhat DC 2009 - Dissecting Web Attacks / Blog Spam (With Colin Ames) - We completely tore apart a huge malware compaign using web site injection and even achieved some level of attribution. https://t.co/uJSqpkgKy8 https://t.co/R1flT4MZlM
2009 Sky Talks - The Internet - Gave a more conceptual talk on security in general. https://t.co/gE54h3UD2Y
2009 Blackhat and Defcon (with Ames and Kerb) MetaPhish - We released a PDF infector (later used by malware gangs) a C2 over Tor, a Self Signed Java Applet Attack, and web techniques for managing phishing campaigns. https://t.co/dICqF0WxGp https://t.co/VazsHKIdZt I also gave this same talk at a SANS summit I think that same year. This was part of the Metasploit Track I ran at Blackhat as well.
2009 First Ever Bsides - Forgotten talk, but I was one of the first speakers there. No video exists as far as I know.
2009 phpBB Exploit Released - Arbitrary Code Execution and Metasploit Module - https://t.co/fRfU5zhWgZ
2010 Samba 2.2.8 Solaris SPARC trans2open RCE Metasploit Module CVE 2003-0201 - https://t.co/dmEs0NN8WT
2010 I think Blackhat DC (with Potter) - Why Blackhats Always Win - Things blackhat hackers have to worry about and the major differences between penetration testers and blackhat hackers. I gave a talk at toorcon in the 2000s but I don't remember exactly when or what the topic was but it might have been this as well. If anyone remembers it let me know. https://t.co/7nfaDdVEps https://t.co/7Yleh1C111
2010 Blackhat and Defcon (With Ames and Lai) - Balancing the Pwn Trade Deficit - Deep dive into Chinese hacking groups and techniques as well as malware RE - https://t.co/KnwqktPpHo
https://t.co/1Ru2C7GMTa
2011 Blackhat DC (with Polyokov) - Forgotten World Hacking ERP - We hacked a ton of ERP systems including Oracle, Russian ones, JD Edwards, and dropped 0day. - https://t.co/VKNWqJFJfs https://t.co/CH4Jk5W36j
2011 - 2015 - Sometime during these years I gave a couple of guest lectures at UNM on cyber security.
I gave several talks at Boston Source, Source Europe, and Blackhat Europe all repeats of previous talks.
Gave a talk at FBI Infragard (following Frank Abignale) - No slides or video exists.
I also gave a Malware Analysis talk at the Pentagon - No slides or video exists.
2011 - BSIdes Las Vegas - Are There Still Wolves Among Us - An Anti-sec style talk tearing the security community a new one. No published slides or video exists.
I retired from speaking for several years at this point, although I continued giving training classes at Blackhat on Tactical Exploitation and Tactical Response (IR) until maybe around 2015. I also gave a bunch of training classes to the gov, mil, Cylance, and other places.
2017 OWASP San Diego - I came out of retirement briefly to give a talk "What I've Learned" covering a lot of cyber war stories and things I'd been through. https://t.co/leCppGjQdq
2024 BSides Albuquerque - Industrial Scale Hardware Hacking - Details my process for mass hacking IoT, OT, and other hardware devices including firmware dumping and reversing, RF domain analysis, network and web attacks, logic and scope analysis, etc. https://t.co/OGzITu1tP3
There are a ton of citations in other people's papers and talks as well as a couple books like Gray Hat Hacking: The Ethical Hacker’s Handbook
#hackerthrowback Sorry for the crappy photo on this one. This was our Balancing the Pwn Trade Deficit talk. This was us talking about Chinese APT and Blackhat activities and reversed some Chinese malware and exploits, back before that discussed much.
A funny story about this. I believed the talk was at some time like 3pm. The printed scheduled confirmed it. My co-speakers confirmed it. So at 1pm I'm DEAD asleep and badly hung over in my hotel room. My two co-speakers were across town in another hotel. My phone rings and its the defcon people frantic "where are you, you go on stage in 5 min?!".
I run stumble down to the speaking venue, completely out of it, while calling my freaked out co-speakers who hop in a cab and hurry over.
I give the first like 15 min solo, winging it. My co speakers show up, rush the stage, and save my ass.
Video: https://t.co/4mBbPhiX2J
Halvar Flake and Dave Aitel up to no good at DEF CON 14. @defcon #defcon #hackerthrowback @halvarflake @daveaitel
Syngress Authors Dinner, Black Hat USA 2004. - #BlackHat @BlackHatEvents #hackerthrowback
(L to R)Ryan Russell, Joe Grand, Mark Burnett, Tom Parker, Jeff Moss, Paul Craig, Roelof Temmingh, Jay Beale, Andrew Williams, Neil Wyler, Charl Van der Walt, Tim Mullen.
@joegrand @m8urnett @tomwparker @thedarktangent @RoelofTemmingh @jaybeale @charlvdwalt
#hackerthrowback me oblivious to the unfortunate incident at Alexis Park Lobby defcon
#hackerthrowback me courtnee cDc frequout Alexis Park Defcon
#hackerthrowback ICBM, Lai, me in "Red" restaurant Beijing Xfocus
#hackerthrowback famous in Japan
#hackerthrowback famous in Japan
#hackerthrowback Barnaby Jack, @selenakyle, @dildog , Josh Pennell, I know Ryan Permeh was next to Ally, this was when I told him about my idea for a ML malware classifier (before Cylance happened) Source Europe
#hackerthrowback me, Alex Polokov and gf after our ERP hacking talk Source Europe
#hackerthrowback me and @dotMudge at the first ever BSides right after my talk ( don't remember what I spoke on)
#hackerthrowback Nickerson, Ian Amit, Me, Chris Eng, Josh Pennell Source Europe
#hackerthrowback Anthony Lai, me, colin defcon Pwn Trade Deficit talk
#hackerthrowback cDc freqout, kismet drag0rn, and others boston source
#hackerthrowback me and courtnee at boston source
#hackerthrowback me and courtnee at boston source
Last Seen Hashtags on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers