Posts by Collection

portfolio

Leech

ISTS Red Team AppCert DLL Implant

publications

talks

Client-Server Based Transmission Scheme over GSM Network for MEDTOC with Patient Classification

Published:

Cellular networks are becoming the most prevalent type of network. Different applications are being deployed on them due to their ubiquity and reliability. We have been working on designing an emergency medical data transmission system named MEDTOC that would carry aggregated patient data over a cellular network to the hospital. In this paper, we present an efficient scheme which implements the transfer of a moving patient’s vital signs to the hospital via the GSM network. This scheme was implemented and tested by writing a Java-based client-server application to transfer patients’ vital sign information. Post-transmission operations include archiving, classifying and presenting the vital signs data on demand. We have investigated the problem of classifying patients based on their condition, as assessed through vital signs. With that information, patients can be assigned to the appropriate physician for remote monitoring.

Project CASSI: A Social-Graph Based Tool for Classroom Behavior Analysis and Optimization

Published:

Although educational data mining is a well-established field, it has not yet sought to provide serious, actionable intelligence that can be used by teachers to address bullying in a reasonable amount of time. This paper seeks to propose a system that will streamline the processing and storage of bullying data in social graph form so that it will be available to be mined by expert systems that can help educators in the classroom. In addition, one such expert system will be proposed demonstrating how this data may be used to automate a common classroom management task that may improve students’ classroom experiences.

A Software Framework for Patient Data Handling in Emergencies and Disasters

Published:

In this paper, we describe the development of a software framework and its guiding principles for patient handling and processing in emergencies and disasters. The MEDTOC system developed earlier is modified and enhanced to include a complete object-oriented software model for patient classification, patient handling and patient data processing. The client- and server-side processing is specified, the patient clustering considerations are discussed, and initial results are outlined in terms of software models, algorithms and medical guidelines for effective collaboration.

Writing Your First Exploit

Published:

DEF CON isn’t just for hardened hackers with 5up3r 3l173 hacking skills. As DEF CON has grown, more and more attendees are looking for knowledge that will help them get started in the world of hacking. If that’s what you’re looking for, this training workshop is for you!

Whose Idea Was That? Comparing Security Curriculums and Accreditations to Industry Needs

Published:

Security is hard, but security education may be harder. Few academic institutions have the skills or resources to dedicate solely to security education. Rather, most security programs in higher education have grown out of or have been welded on to other technology programs. The resulting fractured educational ecosystem has created a disparity in the skill sets of graduating students and has made it challenging to develop standards to ensure consistency across educational programs. This talk will take a look at how security curricula have traditionally been developed and continue to be shaped by a variety of forces. We will examine some of the proposed solutions for accrediting programs and analyze their strengths and weaknesses. Subsequently, we will try to determine which type of student each model is designed to produce and provide our own recommendations about how to standardize security education.

What They’re Teaching Kids These Days

Published:

Penetration testing is a challenge for higher education. Students are demanding this course in increasing numbers and faculty are scrambling to meet the demand. This talk will explore some of the curricular factors that influence why, where, and how higher education teaches penetration testing. Approaches to teaching this content can be wildly different, though, and can range from the theoretical to intensely technical. The strengths and weaknesses of these approaches will be discussed and some suggestions will be presented for how higher education can modernize their approach to teaching penetration testing.

What They’re Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs

Published:

Security is hard, but security education may be harder. Few academic institutions have the skills or resources to dedicate solely to security education. Rather, most security programs in higher education have grown out of or have been welded on to other technology programs. The resulting fractured educational ecosystem has created a disparity in the skill sets of graduating students and has made it challenging to develop standards to ensure consistency across educational programs. This talk will take a look at how security curricula have traditionally been developed and continue to be shaped by a variety of forces. We will examine some of the proposed solutions for accrediting programs and analyze their strengths and weaknesses. Subsequently, we will try to determine which type of student each model is designed to produce and provide our own recommendations about how to standardize security education.

Evolving the Teaching of Pen Testing in Higher Education

Published:

Penetration testing is a challenge for higher education. Students are demanding this course in increasing numbers and faculty are scrambling to meet the demand. This talk will explore some of the curricular factors that influence why, where, and how higher education teaches penetration testing. Approaches to teaching this content can be wildly different, though, and can range from the theoretical to intensely technical. The strengths and weaknesses of these approaches will be discussed and some suggestions will be presented for how higher education can modernize their approach to teaching penetration testing.

An Analysis of Cyber Security Educational Standards

Published:

Penetration testing is a challenge for higher education. Students are demanding this course in increasing numbers and faculty are scrambling to meet the demand. This talk will explore some of the curricular factors that influence why, where, and how higher education teaches penetration testing. Approaches to teaching this content can be wildly different, though, and can range from the theoretical to intensely technical. The strengths and weaknesses of these approaches will be discussed and some suggestions will be presented for how higher education can modernize their approach to teaching penetration testing.

Operationalizing the MITRE ATT&CK Framework

Published:

The MITRE ATT&CK framework is all the rage these days. Many are looking at this as a research framework that can help standardize many aspects of information security, particularly with respect to offensive methodology. This talk will look at the MITRE ATT&CK framework from a different angle by examining how the information MITRE has organized can improve penetration testing and, based on preliminary results, defensive posture. I will provide an overview of the ATT&CK framework, discuss the techniques that are useful for penetration testing, and present a case study of homebrew malware written to be aligned with the ATT&CK Framework. The talk will conclude with a discussion of using existing tools aligned with MITRE’s ATT&CK Framework for detection and automating analysis of log data generated by those tools. It is important to note that this talk was supported by a significant amount of student work through both undergraduate and graduate capstone projects.

ATT&CKing Windows

Published:

This talk will address how to get started with using the MITRE ATT&CK Framework to develop offensive tooling for Windows environments. The talk will introduce the ATT&CK framework, provide some examples demonstrating how to work with the Windows API, and provide an overview of popular tools that make use of the ATT&CK framework. Finally, some preliminary research will be presented on calibrating existing publicly available offensive tools oriented to the ATT&CK framework against publicly available defensive tooling.

Getting Started with Windows Implant Development

Published:

This talk will cover the basics of building custom Windows malware, from constructing your environment to achieving code execution. Unfortunately, content around the Windows API is often relatively inaccessible to those new to the industry. Security talks in this area are often directed towards experienced practitioners rather than novices. The intent of this talk is to demonstrate that, with a little bit of C and some Windows API documentation, you can do some real damage. Specific techniques covered will include AppCertDLLs (T1546.009), droppers, and Process Injection (T1055.002). This talk will also attempt to present custom malware development as a software engineering process that has very real challenges and real costs to adversaries. The target audience is one that is familiar with C, memory management, and concepts typically taught in an Operating Systems course.

teaching

CSIT 461 - Introduction to AI

Undergraduate Course, State University of New York at Fredonia, Department of Computing and Information Science, 2016

Offered frequently between Fall 2009 and Spring 2016.

CSIT 443 - Theory of Computation

Undergraduate Course, State University of New York at Fredonia, Department of Computing and Information Science, 2016

Offered occasionally between Fall 2009 and Spring 2016.

CSIT 433 - Compiler Construction

Undergraduate Course, State University of New York at Fredonia, Department of Computing and Information Science, 2016

Offered occasionally between Fall 2009 and Spring 2016.

CSIT 341 - Data Structures

Undergraduate Course, State University of New York at Fredonia, Department of Computing and Information Science, 2016

Offered rarely between Fall 2009 and Spring 2016.

CSIT 242 - Discrete Math 2

Undergraduate Course, State University of New York at Fredonia, Department of Computing and Information Science, 2016

Offered regularly between Fall 2009 and Spring 2016.

CSIT 241 - Discrete Math 1

Undergraduate Course, State University of New York at Fredonia, Department of Computing and Information Science, 2016

Offered regularly between Fall 2009 and Spring 2016.

CSIT 201 - Computer Security and Ethics

Workshop, State University of New York at Fredonia, Department of Computing and Information Science, 2016

Offered regularly between Spring 2011 and Spring 2016. Created in Spring 2011.

Capstone Projects

Hybrid Undergraduate/Graduate Course, Rochester Institute of Technology, Department of Computing Security, 2022

Capstones supervised between Spring 2017 and Spring 2022.