Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.

Mark Baggett has been active in Information Security for 18+ years. I've served in a variety of roles from software developer to CISO. You can find archives of older blog entries below and read my newer posts on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org

Saturday, February 23, 2013

2013 Posts and Publications

Here is a collection of blog posts and other things I did or found interesting in 2013.

Violent Python - TJ O'Connor
I was the technical editor for Violent Python.

Here are some links to my 2013 Shmoocon presentation. Unofficial sources report 1200+ people in the room for my presentation with Jake Williams.

Here is a video: http://www.youtube.com/watch?v=R16DmDMvPeI

I also did a series on the Internet Storm Center on the topic. Here are some posts.

Part 1 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
Part 2 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+2/15406
Part 3 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
Part 4 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+4/15460

I authored a SANS Course! SEC573 Python for Penetration Testers. This is awesome!

File Hiding and Process Obfuscation
Here is a post I did on Pauldotcom.com on hiding processes.

Python PSEXEC rocks

Manipulate Volume Shadow Copies from Python

SMB Relay Demystified and NTLMv2 Pwnage with Python

TDS, MSSQL and Python

Antivirus Evasion - A Peek under the Veil

Windows is 0wned by Default!
Well. This is pretty scary stuff. Rootkits without Rootkits. AV Evasion. My latest research project hit some serious pay dirt here. Sitting in Jason Fossen's SEC505 Securing Windows class is always inspiring and educational. Two years ago I was watching him play with the Application Compatibility Toolkit. I commented that it looked a lot like a rootkit. Jason (one of the smartest guys I know) said, "Yep, I think there are probably a lot of things you could do with that." Jason is awesome. I dug into it for a while, shared it with a few friends, then presented it publicly at this year's DerbyCon! Check it out.