Highlighted Publications

Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing

While lacking the sex appeal of memory corruption based attacks, phishing remains a problem for many end users. Defenses against phishing have not advanced significantly in years. Mostly in boils down to more attempts to phish your own people. In this presentation I explored new approaches to detection using perceptual hashing.

Abusing Web APIs Through Scripted Android Applications

While many of my colleagues were away at Blackhat, Defcon, and Bsides Las Vegas I decided to spend a day exploring through an Android app. I became interested in this particular app due to it being the “official” app of a popular web service that included some functionality not exposed to end users through the API that they’ve provided. I was reasonably sure that some spammers on this web service were using this functionality and I was interested to see just how difficult it was to do.

Leveraging Ethernet Card Vulnerabilities in Field Devices

Dale Peterson and I demonstrate how using commonly available tools an attacker can learn how firmware is loaded into two different Programmable Logic Controller (PLC) Ethernet cards, write his own malicious firmware, and load that malicious firmware into the field device Ethernet cards.