Talks/Webcasts

In which I discuss how to control malware using Twitter, Soundcloud, Google Sheets, and Salesforce.

Link: https://www.blackhillsinfosec.com/webcast-tweets-beats-and-sheets-c2-over-social-media/

The original talk about the sneaky-creeper social media C2 library at BSides Las Vegas.

Link: https://www.youtube.com/watch?v=tLkQH-ev2iw

There’s a companion blog post here if you want more detail.

Introducing my pushpin-web project, which collects and displays geotagged social media in areas the user specifies. This was at SOURCE Boston 2015.

Link: https://www.youtube.com/watch?v=yvSx0z9bMxA&list=PLrbUElixkHvarXr3QPSjSIfwnMh6IkRhC&index=3

Total Recoll

Talking about my adventures setting up and using Recoll for OSINT work (specifically, sifting through the leaked NSA documents looking for project codenames). This was in the DEF CON 25 recon village.

Link: https://www.youtube.com/watch?v=uPbDySi-p2w&list=PLrbUElixkHvarXr3QPSjSIfwnMh6IkRhC

There’s a companion blog post here if you want more information.

Papers

Security of the Near Field Communication Protocol

I published this as a senior in high school, so go easy on me.

Click/touch/tap/glare menacingly at the expandy box below if you want to see the abstract.

Expand ↕

With the booming of smartphone and wireless networks, contactless payment systems have been gradually accepted by a range of sectors and industries. Near Field Communication (NFC), as a de facto standard for radio communication, dominates this market and has accumulated many applications, such as use as a digital wallet and ticketing system, due to its convenience and versatility. The prevalent use and large cash flow of NFC have attracted the attention of attackers and criminals. In this paper, we present an overview of the security issues surrounding the NFC protocol and its applications. We investigate the existing and potential vulnerabilities of NFC, discuss effective countermeasures for mitigating these vulnerabilities, and further present design considerations for new NFC applications.

Link: https://dl.acm.org/citation.cfm?id=2535418.2535432

Particularly Good Blog Posts

Steganography: The Art and Science of Hiding Things in Other Things

A series of blog posts introducing steganography and Hamming error-correction codes. Fun to write, and I like to think it’s fun to read (and informative). Plus it has somewhere in the neighborhood of a million pictures of a super floofy puppy so honestly what more do you want from me.

Link: https://www.blackhillsinfosec.com/steganography-the-art-science-of-hiding-things-in-other-things-part-1/

Talks/Webcasts

Tweets, Beats, and Sheets: C2 Over Social Media

Social Media C2

Monitoring Social Media in 5 Minutes a Week

Total Recoll

Papers

Security of the Near Field Communication Protocol

Particularly Good Blog Posts

Steganography: The Art and Science of Hiding Things in Other Things