Ichthyology: Phishing as a Science

I gave a talk about phishing at a few different conferences last year, and people occasionally ask me for the whitepaper and / or recording. They’re not very discoverable at the moment, so I figure I’ll link them here, and then I’ll have a better answer than “search my browser history”.

Don't Panic: there's more TTL

A bored network engineer caused a bit of a stir on the Internet in early 2013: they set up an IP that when traceroute‘d returned the introductory text of Star Wars: Episode IV. Their original implementation bounced packets between two different routers, with a series of virtual routing tables. I don’t have access to routers that are that configurable, but I thought this was super cool so I set out to make my own version with just a single server in the cloud.

SSH for Fun and Profit

In May last year, a new attack on the Diffie Hellman algorithm was released, called Logjam. At the time, I was working on a security team, so it was our responsiblity to check that none of our servers would be affected. We ran through our TLS config and decided it was safe, but also needed to check that our SSH config was too. That confused me – where in SSH is Diffie Hellman? In fact, come to think of it, how does SSH work at all? As a fun side project, I decided to answer that question by writing a very basic SSH client of my own.

Tim Tam Logistics

As an Australian living in the US, I feel it’s my duty to introduce the treats of my childhood to my co-workers: red frogs, Fantales, and Milo have all made appearances. However, far and away the mostly highly voted treat has been Tim Tams. Unfortunately, as an imported product, Tim Tams are pretty expensive in the US - over US$8 a packet on Amazon. It’s not immediately clear where this cost comes from, so I decided to figure out if I could sell them for less.

Puzzles with coreutils (Part 2)

On another free weekend afternoon, I decided to finish off the rest of the coreutils brainteasers I started last month. This time I learned more about Linux audio, bash substring replacement, and the assortment of flags that ls supports.