I added a new Talks section to the website. The blog hasn’t been updated much, but I’ve been giving a number of talks:
During the last weeks I released a few new features as well as stability and usability improvements for idb. The more notable ones are:
- Integration of weak_classdump by Elias Limneos to dump class and method information in the form of header files.
- Addition of a new
- Fixing of the CA certificate installer / manager.
- Adding documentation and increasing visibility for the screenshot utility.
All of the features are now documented in the new Manual on Github.
Updated Talk at SOURCE Boston 2014
Last weekend I also spoke at SOURCE Boston about idb and some of the new features. SOURCE is a great conference with excellent talks and an audience size that makes it personal enough to connect and engage with many of the attendees.
Read more about the new idb features and see my updated slide deck after the jump.
Last weekend (January 17-19 2014) I gave a talk on blackbox iOS app pentesting at ShmooCon 2014
in Washington, D.C. The talk covered various common iOS app vulnerabilities, mitigation techniques, and also
introduced a new tool called
idb and demonstrated how it can be used to test for the discussed vulnerabilities.
Here is the slide deck:
ShmooCon Video Recording
Update February 10th 2014 The recording of my ShmooCon talk was now posted on archive.org. Below is a local mirror of the video.
idb is a tool to simplify some common tasks for iOS pentesting and
research. It is written in ruby with a Qt GUI frontend and should run on OS X and Linux (with some restrictions).
This is the first public release of the tool so bug reports, feature requests, and contributions are more than welcome! The code is available under the MIT license on Github:
Read the full list of features after the jump.
It has been a while now, but last September I succesfully defended my dissertation and got a Ph.D. in Computer Science from the Stevens Institute of Technology. First the dissertation and then my new job at Matasano Security have kept me busy and so I neglected my website for quite a while. Well, it has now been updated with a new “About Me” page and PDFs of my dissertation.
Most importantly, here is the obligatory Wordle for my dissertation:
After upgrading my workstation to the 64-bit version of Ubuntu 12.04 (Precise Pangolin) (from 11.10) I realized that Skype did not start anymore. The problem was simply a missing 32-bit library and the problem is quickly fixed as follows.
Our team just came back from the Northeast Collegiate Cyber Defense Competition (NECCDC) 2012. We had a young, fresh team and we have learned a lot!. Thanks to the red, black, and white teams for making this fun and challenging competition possible! I'm looking forward to see how our team will be doing in the coming years when they have even more experience. I am completing my PhD this Summer and I will not be returning to CCDC — at least not as a blue team member :–)
For the poster session of its bi-annual event "Research and Entrepreneurship Day" my school, the Stevens Institute of Technology, only provided a Powerpoint poster template. Since typesetting formulas (and so many other things…) is rather painful to do in Powerpoint, I decided it is worth the effort and converted the poster template to LaTeX. I based the template on baposter by Brian Amberg which provides an excellent starting point for research posters. The Stevens design was created using a tikz picture as poster background as well as some adjustments to the style of the boxes.
I hope this template will help out other Stevens students in creating a poster on their research using LaTeX.
Download the Poster Template
baposter has been released under the GNU General Public License and since I had to modify the baposter.cls file, this template is released under the GPL as well. I would love to release it under an MIT-like license, public domain or under Creative Commons in the future.
Assume you have an existing pyramid application which uses SQLAlchemy to access its database backend. You have nicely defined all Object Relational Mapper (ORM) models and your application uses it to consistently access the database. Assume further, that you now have to write some scripts which also require access to the database (using the same model) but which are otherwise independent of the web application (e.g., cronjob scripts). Here is how you can use your existing pyramid SQLAlchemy model in your own scripts.