I'm trying to plan out my schedule for the next few months. Some of you may find this a useful reference. It'd be really neat if someone were to enter all this info into a public Google Calendar or something (like ConThingy, but that looks a little bit broken at the moment).
CFP Final Deadlines:
Black-Hat Vegas : May 15
Recon : May 15
BruCON : May 15
DefCon : May 27
ToorCon Seattle : Jun 1
hack.lu : Jun 1
OWASP AppSec USA : Jun 14
TakedownCon Vegas : Jun 30
HashDays : Jul 3
HITB SecConf Malaysia : Jul 15
Source Barcelona : Jul 15
SecTor : Aug 15
Black Hat Abu Dhabi : Sep 15

Every Conference I Can Find:
May 12-13 : Internet Security Operations & Intelligence 9 [Dulles,VA,USA]
May 17-20 : HITB Security Conference [Amsterdam,NH,NLD]
May 18-19 : Takedown Con [Dallas,TX,USA]
May 27-29 : ph-neutral 0x7db [Berlin,BE,DEU]
May 28-29 : LayerOne [Anaheim,CA,USA]
Jun 7-10 : OWASP AppSec [Dublin,L,IRL]
Jun 10-12 : Summercon [Brooklyn,NY,USA]
Jun 15-16 : Source-Seattle [Seattle,WA,USA]
Jun 17-19 : ToorCon-Seattle [Seattle,WA,USA]
Jul 8-10 : RECON [Montreal,QC,CAN]
Aug 2- 4 : Black Hat Briefings [Las Vegas,NV,USA]
Aug 4- 7 : DEFCON 19 [Las Vegas,NV,USA]
Aug 10-14 : CCC Camp [Finowfurt,BB,DEU]
Sep 8- 9 : Sec-T [Stockholm,AB,SWE]
Sep 19-21 : BruCON [Etterbeek,BRU,BEL]
Sep 19-21 : hack.lu [Luxembourg District,LUX]
Sep 22-23 : OWASP AppSec [Minneapolis,MN,USA]
Oct 10-13 : HITB Security Conference [Kuala Lumpur,KL,MYS]
Oct 18-19 : SecTor [Toronto,ON,CAN]
Oct 26-29 : HashDays [Lucerne,LU,CHE]
Nov 14-18 : Source-Barcelona [Barcelona,B,ESP]
Dec 6- 7 : TakedownCon Vegas [Las Vegas,NV,USA]
Dec 12-15 : Black Hat Abu Dhabi [Abu Dhabi,ARE]
Dec 27-30 : 28C3 [Berlin,BE,DEU]

Not listed: BayThreat, San Diego ToorCon, various BSides.
What am I going to miss this weekend?
May. 21st, 2009 04:31 pm
| Foxgrrl Forecast | Category | Date | Location | Event |
|---|---|---|---|---|
| ? | Haxor | May 23-24 | Anaheim, CA | LayerOne 2009 |
| ? | Anime | May 22-25 | San Jose, CA | FanimeCon |
| ? | Sci-Fi | May 22-25 | Santa Clara, CA | BayCon 2009 |
| ? | Party | May 23 | San Francisco, CA | 12th Annual etd.POP |
| ? | Party | May 22 | Santa Clara, CA | Gay Day at Great America |
| 0% | Haxor | May 29-31 | Berlin, DE | ph-neutral 0x7d9 |
P.S. Don't forget about ConThingy
OMG: http://www.sfweekly.com/events/music/?date=2009-05-23
I might be able to get my passport and make it to Berlin by next week, but I really don't have the time.
Life Update
May. 14th, 2009 02:56 pm
I'm still alive, the past few weeks have been extra-extra-extraordinary. More detail when I'm not writing from my phone. Also, DEFCON CFP ends tomorrow. Someone suggest something for me to talk about. I could do botnet and ransomware stuff, or even old school phreaking techniques. (Stuff I can present on without doing more new research.)
Job Posting
May. 1st, 2009 12:12 pm
My company is finally hiring someone else to do all the busybody work I don't have time for. Don't worry about the BS degree; if you can write an exploit, for any vulnerable program I give you, then you're qualified. (Actually, if you've ever touched IDA, and know how to read and analyze .pcaps, you're qualified. If I can give you a mystery program, and you can tell me what it does, you're qualified. You must be able to act like a mature responsible adult when interacting with other people.)
I didn't write this:
Job Description for the Security Research Engineer
Duties and responsibilities:
The main responsibilities for this position include: (1) keeping track of vulnerability disclosure and malware (with focus on botnet, spyware, and other Trojans that engage in network-based activities) development, (2) performing false positive checking for detection signatures, and (3) conducting detailed analysis of malware behaviors, through code reverse engineering and live behavior studies.
Qualifications
Professional experience:
The candidate should have at least two years of experience in the security field, especially with skills in malicious code analysis. Good knowledge in security vulnerability, exploitation, and Windows OS internals are expected. Solid programming skills are required. Working knowledge of TCP/IP stack and familiarity with network traffic tools are also required. Examples of relevant industries include AV, IDS/IPS/IDP, Web and Message security.
Personality:
Must be hardworking, a self-starter, and effective in a small-team environment.
Formal education:
BS degree in CS/EE or equivalent experience.
Update: You can email me at juliavixen $40 gmail.com. If you don't understand that email address, stop now. If it was up to me, I'd have everyone send me their stuff in flat 7-bit ASCII, but since I'm just handing this stuff off to the appropriate manager, all those newfangled dynamic-content enabled document formats are ok. I'll be checking the .DOCs and .PDFs for exploits, if I find any 0-days you get the job. My GPG Public Key if you need it. The job is right on the border of San Jose and Milpitas in Ciscoville.
A reader asks:
How can I get a job looking at malware? I worked at a company that was exposed to lots and lots of stuff targeting Chinese dissident groups and got pretty good at analyzing, tracking and spotting it. Do you know anyplace that I could go to do this for a living?
Any input appreciated
I don't have time to write a proper response to this, so perhaps you, the reader, can offer some advice.
(no subject)
Apr. 1st, 2009 08:55 pm
```
call    InternetGetConnectedState
test    eax, eax
jz      short loc_9A3C5C                    ; eax == 0 (not connected): branch to loc_9A3C5C
lea     eax, [ebp+12Ch+SystemTime]
push    eax                                 ; lpSystemTime
call    ebx                                 ; GetLocalTime
cmp     [ebp+12Ch+SystemTime.wYear], 7D9h   ; 7D9h = 2009
ja      short loc_9A3C37                    ; year > 2009
jnz     short loc_9A3C4D                    ; year < 2009
cmp     [ebp+12Ch+SystemTime.wMonth], 4     ; April
ja      short loc_9A3C37                    ; month > 4
jnz     short loc_9A3C4D                    ; month < 4
cmp     [ebp+12Ch+SystemTime.wDay], 1
jb      short loc_9A3C4D                    ; day < 1
```
The above sequence of code has been the bane of my existence this week. It's the date check for April 1, 2009 from the Conficker.C worm. As with many other viruses in the past with a specific date that they do something, there is tremendous media hype surrounding this. So, I had not been analyzing this worm for the last few months, because everyone else had it covered, and I had other stuff to do, but now because of the media hype my company wants to have something published on it for marketing reasons. Since everyone else [see above] has published almost everything about it, there isn't much else for me to say. So I'm reversing the P2P protocol in Conficker.C, because it's the only part left… because it's the hardest part to understand. Anyway, I think I'll at least have figured out the IP address to UDP Port calculation soon, so I can write a scanner/Snort rule, for the P2P protocol. Anyway, don't interrupt me in the meantime…
(I was also going to write up a full analysis of the shellcode used in Conficker.A and Conficker.B, as no one else has really gone into detail there. But the additional detail isn't really useful to know if you only care about detecting it. But I can describe who the authors copied most of their shellcode from (it's slightly modified MSF). Anyway, it'll be interesting to someone, but the P2P thing will get media attention.)
(Note: I'm not complaining. I'd much rather be reversing malware than working on what I was supposed to be doing this week.)
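The branch structure of the date check in the listing above, rewritten in C as an added example (not code from the original post). The struct and function names are hypothetical, and the fall-through after the final `jb` is assumed to reach the same path as `loc_9A3C37`, which the listing does not show.

```c
#include <stdio.h>

/* Stand-in for the three Win32 SYSTEMTIME members the listing reads.
   The type name is hypothetical; the real struct has more members. */
struct date_fields {
    unsigned short wYear, wMonth, wDay;
};

/* Mirrors the listing one compare at a time. Returns 1 for the
   loc_9A3C37 path and 0 for the loc_9A3C4D path. */
int date_check_as_listed(const struct date_fields *t)
{
    if (t->wYear > 0x7D9)  return 1;   /* ja  loc_9A3C37 (after 2009)  */
    if (t->wYear != 0x7D9) return 0;   /* jnz loc_9A3C4D (before 2009) */
    if (t->wMonth > 4)     return 1;   /* ja  loc_9A3C37 */
    if (t->wMonth != 4)    return 0;   /* jnz loc_9A3C4D */
    if (t->wDay < 1)       return 0;   /* jb  loc_9A3C4D */
    /* Assumption: the listing ends here; falling through is taken to
       reach the same code as loc_9A3C37. */
    return 1;
}

/* Same predicate as a single comparison: pack the fields so integer
   order matches calendar order. */
int date_check_flat(const struct date_fields *t)
{
    unsigned long packed = t->wYear * 10000UL + t->wMonth * 100UL + t->wDay;
    return packed >= 20090401UL;
}

/* Convenience wrapper for callers and tests. */
int on_or_after_trigger(unsigned short y, unsigned short m, unsigned short d)
{
    struct date_fields t = { y, m, d };
    return date_check_as_listed(&t);
}

/* Compare both forms over 2007-2011, including the out-of-range day 0
   that the final jb guards against. Returns the number of mismatches. */
int count_mismatches(void)
{
    int bad = 0;
    for (unsigned y = 2007; y <= 2011; y++)
        for (unsigned m = 1; m <= 12; m++)
            for (unsigned d = 0; d <= 31; d++) {
                struct date_fields t = { (unsigned short)y,
                                         (unsigned short)m,
                                         (unsigned short)d };
                bad += date_check_as_listed(&t) != date_check_flat(&t);
            }
    return bad;
}

int main(void)
{
    printf("2009-03-31 -> %d\n", on_or_after_trigger(2009, 3, 31));
    printf("2009-04-01 -> %d\n", on_or_after_trigger(2009, 4, 1));
    printf("mismatches -> %d\n", count_mismatches());
    return 0;
}
```

Because the listing calls GetLocalTime, the result follows the host's local clock setting rather than UTC.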
What do I do for a living?
Mar. 16th, 2009 09:23 pm
A question I am frequently asked is:
"What do you do for a living?"
I'll usually say something like "I'm a malware analyst." — although that's an incomplete answer. And they'll say "What's malware?" And I'll try to explain it to them, but they're too impatient for more than a one sentence explanation. And so I say stuff about hacking and computer viruses and spam, in about two or three sentences, which don't penetrate their skull. (Since they didn't really want to know the answer, they were just making small talk.) And in frustration I'll say something like "I break into computers for a living." And then they're like "Oh!" But that's not really what I do either. And if you've ever seen my CV, you'll note that I do a lot of different, hard-to-explain things. Like reverse engineering, exploit development, vulnerability analysis, tool development, and even some QA work (tracking down the root cause of the really hard bugs).
The only really succinct response I've come up with is that I stare at the 1's and 0's, and explain what's going on in English. (Or that I'm just really smart at people.)
Super Happy Dev House 31
Mar. 14th, 2009 12:59 pm
Sigh, do I want to go to Super Happy Dev House 31? I have a bunch of research I need to write up, and I otherwise have the day completely free. I can work on my research at SHDH31, but I'll probably end up spending several hours talking about the differences between Von Neumann and Harvard architectures, or modern Superscalar processor design.
Big List of Infosec Conferences
Mar. 3rd, 2009 10:03 am
I don't have time to format this into a table and stuff.
VEE 2009 Mar 11-13 Washington, DC http://www.cs.purdue.edu/VEE09/Home.html
SOURCE Conf Mar 11-13 Boston, MA http://www.sourceconference.com/
CarolinaCon Mar 13-14 Chapel Hill, NC http://www.carolinacon.org/
CanSecWest Mar 18-20 Vancouver, BC http://www.cansecwest.com/
Notacon 6 Apr 16-19 Cleveland, OH http://www.notacon.org/
Black-Hat EU Apr 16-17 Amsterdam, NL https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html
CodeCon Apr 17-19 San Francisco, CA http://www.codecon.org/2009/
LEET 2009 Apr 21 Boston, MA http://www.usenix.org/events/leet09/
RSA Conf. Apr 20-24 San Francisco, CA http://www.rsaconference.com/2009/us/
BSDCan May 8- 9 Ottawa, ON http://www.bsdcan.org/2009/
CONFidence May 15-16 Krakow, PL http://2009.confidence.org.pl/
IEEE TCSP May 17-20 Oakland, CA http://oakland09.cs.virginia.edu/
CSI SX 2009 May 17-21 Las Vegas, NV http://www.csisx.com/
SIGINT May 22-24 Cologne, DE http://events.ccc.de/sigint/2009
LayerOne May 23-24 Anaheim, CA http://layerone.info/
ph-neutral May 29-31 Berlin, DE http://www.ph-neutral.org/
USENIX Jun 14-19 San Diego, CA http://www.usenix.org/events/usenix09/
ToorCamp Jul 2- 5 Moses Lake, WA http://www.toorcamp.org/
IPTComm Jul 7- 8 Atlanta, GA http://iptcomm.org/
IEEE CSFW Jul 8-10 Port Jefferson,NY http://www.cs.sunysb.edu/csf09/
SECRYPT Jul 7-10 Milan, IT http://secrypt.org/
Black Hat Jul 26-30 Las Vegas, NV https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Defcon Jul 31-02 Las Vegas, NV http://www.defcon.org/
PETS Aug 5- 7 Seattle, WA http://petsymposium.org/2009/
CSET 2009 Aug 10 Montreal, ON http://www.usenix.org/events/cset09/
HOTSEC Aug 11 Montreal, ON http://www.usenix.org/events/hotsec09/
USENIX Sec. Aug 12-14 Montreal, ON http://www.usenix.org/events/sec09/
FRHACK Sep 7- 8 Besançon, FR http://www.frhack.org/
SOURCE Conf Sep 21-22 Barcelona, ES http://www.sourceconference.com/
VizSec 2009 Oct 11 Atlantic City, NJ http://vizsec.org/vizsec2009/
PhreakNIC 13 Oct http://phreaknic.info
CFP Deadlines:
PETS Mar 2 http://petsymposium.org/2009/
SECRYPT Mar 10 http://secrypt.org/
CodeCon Mar 15 http://www.codecon.org/
SIGINT Mar 27 http://events.ccc.de/sigint/2009
USENIX Security Apr 10 http://www.usenix.org/events/sec09/
IEEE TCSP Apr 15 http://oakland09.cs.virginia.edu/
Black Hat US May 1 https://cfp.blackhat.com/
HOTSEC May 4 http://www.usenix.org/events/hotsec09/
HotPETs May 8 http://petsymposium.org/2009/
CSET 2009 May 15 http://www.usenix.org/events/cset09/
Whatever:
http://www.computerforensicshow.com/
http://www.syscan.org/
Not this year?
http://www.recon.cx/2008/index.html
Scheduling...
Jan. 31st, 2009 09:56 pm
I just now realized that Black Hat Europe and CodeCon overlap.
So that I don't forget…
Feb 6-8 http://www.shmoocon.org/
Mar 16-20 http://cansecwest.com/
Apr 16-17 http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html
Apr 17-19 http://www.codecon.org/2009/
Apr 20-24 http://www.rsaconference.com/2009/US/Home.aspx
May 15-16 http://2009.confidence.org.pl/
May 22-25? http://ph-neutral.darklab.org/
Oct 6-7 http://www.sector.ca/default.htm
Someone might find one of these interesting…
Feb 13-16 http://pantheacon.com/09/index.php
Feb 20-22 http://furryfiesta.org/
May 22-25 http://baycon.org/2009/
Jun 5-7 http://www.califur.com/
??? http://www.labyrinthmasquerade.com/

I'm in Texas! Yee-Haw!
Jan. 29th, 2009 08:30 pm
I'm in Texas! Yee-Haw! OMG! Why is it so cold here?! There's ice on everything! It's supposed to be warm in Texas, what's going on?
UPDATE: If I wasn't in Texas, I'd be at this: She's Geeky and possibly Super Happy Dev House 30. Both close to my house in Mountain View, CA… Where I spend very little time these days.
Things I'm not doing.
Sep. 13th, 2008 06:52 pm
Let's see, what am I not doing this month… (I was planning on going to Earthdance, but I had an unplanned expenditure of about US$2000, so I can't really afford it this week.) (It's ok, because I really needed some downtime anyway. I'm not even completely unpacked from Burn yet…)
I keep meaning to stuff all of this into Google Calendar, but haven't had the time/chance to yet.
| Foxgrrl Forecast | Category | Date | Location | Event |
|---|---|---|---|---|
| 0% | Pagan | Sep 9-14 | (Southeast), OH | Between The Worlds |
| 0% | Party | Sep 12-14 | Laytonville, CA | Earthdance 2008 |
| 0% | Party | Sep 12-14 | Los Gatos, CA | Earthdance 2008 |
| 0% | Sci-Fi? | Sep 13 | Somerset, NJ | SalonCon |
| 0% | Haxor | Sep 13-14 | Wall Township, NJ | Vintage Computer Festival East 5.0 |
| 0% | Haxor | Sep 15-17 | Boston, MA | International Symposium on Recent Advances in Intrusion Detection |
| 0% | Haxor | Sep 15-17 | Cambridge, MA | Workshop on Visualization for Cyber Security |
| 25% | Pagan | Sep 18-21 | Artemas, PA | Crossing the Thresholds Four |
| 50% | Kink | Sep 28 | San Francisco, CA | Folsom Street Fair |
| 10% | Kink | Sep 25-28 | San Francisco, CA | Arse Elektronika |
| 0% | Burn | Sep 25-28 | Berkeley, CA | ArtCar Fest |
| 90% | Haxor | Sep 26-28 | San Diego, CA | Toorcon X |
| 25% | Sci-Fi | Sep 26-28 | San Diego, CA | Conjecture 2008 |
| 0% | Furry | Sep 26-28 | SeaTac, WA | RainFurrest |
| 0% | Anime | Sep 26-28 | San Mateo, CA | Yaoi-Con |
| 0% | Pagan | Sep 25-28 | Middletown, CA | A Fool's Journey |
| 75% | Faire | Sep 6-Oct 12 | Hollister, CA | Northern California Renaissance Faire |
| 80% | Sci-Fi | Oct 3-5 | San Jose, CA | Silicon 2008 |
| 80% | Party | Oct 4 | San Francisco, CA | San Francisco Love Parade |
| 80% | Haxor | Oct 4 | San Francisco, CA | SuperHappyDevHouse 27 |
| 60% | Haxor | Oct 7-8 | Toronto, ON | SecTor |
| 90% | Party | Oct 12 | San Francisco, CA | Decompression 2008 |
| 10% | Furry | Oct 17-19 | Waterbury, CT | FurFright |
| 0% | Kink | Oct 24-25 | San Francisco, CA | The Exotic Erotic Ball |
| 0% | Haxor | Oct 24-25 | Nashville, TN | Phreaknic 12 |
| 100% | Wedding | Oct 25 | Franklin Park, PA | Wedding for (a couple you might know…) |
| 25% | Sci-Fi | Nov 1-2 | San Francisco, CA | Alternative Press Expo |
| 80% | Furry | Nov 21-23 | Wheeling, IL | Midwest FurFest |
| 10% | Sci-Fi | Nov 21-23 | Portland, OR | OryCon 30 |
| 10% | Sci-Fi | Nov 28-30 | Los Angeles, CA | LosCon 35 |
| 80% | Haxor | Dec 27-30 | Berlin, Germany | 25C3 |
| 100% | Furry | Jan 22-26, 2009 | San Jose, CA | Further Confusion |
| 90% | Pagan | Feb 13-16, 2009 | San Jose, CA | Pantheacon |
DEFCON 16 [Part 1]
Aug. 13th, 2008 09:46 am
A few photos from this weekend. The ones of the clouds are part of a panorama I shot on top of a mountain, at sunset, with a large thunderstorm on the side opposite the sun. It should be awesome looking — it certainly was in person.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
DEFCON 16 Caravan
Aug. 5th, 2008 12:22 pm
Is anyone organizing a bay-area caravan to DEFCON this year? (I didn't find anything here: https://forum.defcon.org/index.php)
If not, does anyone want to car pool with me on like, Thursday-ish?
I'm kinda, meh on attending DEFCON this year, but I haven't missed once since DEFCON 3.
Toorcon Seattle Beta (2007) [Part 2]
May. 31st, 2008 08:08 pm
I like these photos more than the ones in Part 1. Unfortunately I don't feel like this is my best work. (Insert here: Assurances about how everyone can't be at their peak performance all the time.)

Toorcon Seattle Beta (2007) [Part 1]
May. 28th, 2008 12:54 am
Unfortunately, by the time I get around to writing this text, I'm too tired to think of anything clever or even relevant to say about the photos.

PH-Neutral 0x7d7 [Part 2]
May. 24th, 2008 01:38 pm
Something clever goes here.

PH-Neutral 0x7d7 [Part 3]
May. 24th, 2008 01:37 pm
Something clever goes here.

PH-Neutral 0x7d7 [Part 1]
May. 23rd, 2008 11:23 pm
Hey everyone, guess where I'm NOT! If you said "Berlin" you would be correct†. I'm now exactly one year behind on photo processing/publishing.

†Of course, if you had said anything other than: In my clothes, on a chair, in my room, in my house, in Mountain View, in California, in the USA, in the Pacific Timezone, in the Northern Hemisphere, on Earth, in the Solar System, in the Milky Way Galaxy, in the Universe, in the Third Dimension… Then you'd be wrong.





