Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.

Mark Baggett has been active in Information Security for 18+ years. I've served in a variety of roles from software developer to CISO. You can find archives of older blog entries below and read my newer posts on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org.

Saturday, February 23, 2013

2013 Posts and Publications

Here is a collection of blog posts and other things I did or found interesting in 2013.

Violent Python - TJ OConnor
I was the technical editor for Violent Python.
http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

SHMOOCON 2013
Here are some links to my 2013 Shmoocon presentation. Unofficial sources report 1200+ people in the room for my presentation with Jake Williams.
http://www.wipethedrive.com

Here is a video: http://www.youtube.com/watch?v=R16DmDMvPeI

I also did a series on the Internet Storm Center on the topic. Here are some posts.

Part 1 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
Part 2 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+2/15406
Part 3 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
Part 4 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+4/15460

SANS SEC573 PYTHON FOR PENETRATION TESTERS
I authored a SANS Course! SEC573 Python for Penetration Testers. This is awesome!
https://www.sans.org/course/python-for-pen-testers

File Hiding and Process Obfuscation
Here is a post I did on Pauldotcom.com on hiding processes.
http://pauldotcom.com/2013/02/file-hiding-and-process-obfusc.html

Python PSEXEC rocks
http://pen-testing.sans.org/blog/pen-testing/2013/03/27/psexec-python-rocks

Manipulate Volume Shadow Copies from Python
http://pen-testing.sans.org/blog/pen-testing/2013/04/12/using-volume-shadow-copies-from-python

SMB Relay Demystified and NTLMv2 Pwnage with Python
http://pen-testing.sans.org/blog/pen-testing/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python

TDS, MSSQL and Python
http://pen-testing.sans.org/blog/2013/05/21/tds-mssql-and-python-oh-my

Antivirus Evasion - A peek under the Veil
http://pen-testing.sans.org/blog/pen-testing/2013/07/12/anti-virus-evasion-a-peek-under-the-veil

Windows is 0wned by Default!
Well. This is pretty scary stuff. Rootkits without Rootkits. AV Evasion. My latest research project hit some serious pay dirt here. Sitting in Jason Fossen's SEC505 Securing Windows class is always inspiring and educational. Two years ago I was watching him play with the Application Compatibility Toolkit. I commented that it looked a lot like a rootkit. Jason (one of the smartest guys I know) said, "Yep, I think there is probably a lot of things you could do with that." Jason is awesome. I dug into it for a while, shared it with a few friends, then presented it publicly at this year's Derbycon! Check it out.
http://www.youtube.com/watch?v=SVqiDdVS7Wo