Talks and Presentations

A quick list of the talks and presentations I’ve given, and papers or other publications I’ve contributed to.

ShmooCon, University of Wisconsin Lockdown: Inside Apple’s MDM (updated)
IntrepidCon: Solving the Verizon DBIR Puzzle
DerbyCon: Slow Down, Cowpoke - When enthusiasm outpaces common sense (importance of a methodical approach to Infosec testing)
TV appearance: NBC News interview - Solving the Apple / “FBI” UDID data breach (Today Show, September 11, 2012).
NovaHackers: Apple UDID Breach
Private seminar: Apple UDID Breach

ShmooCon, Source Boston, University of Michigan SUMIT_13, seminar at Federal Government customer: Protecting sensitive information on iOS devices
DerbyCon: Raspberry Pi, Media Centers, and AppleTV

ShmooCon: Knock Knock: A Survey of iOS Authentication Methods (also presented in 2015 at OWASP DC and OWASP NoVA)

ShmooCon: My Hash Is My Passport: Understanding Web and Mobile Authentication
BSides Rochester and University of Connecticut TakeDownCon: A (not so quick) Primer on iOS Encryption

Papers, Publications, and Training

Nails in the Crypt - Proof of concept demonstration of rainbow tables with salted UNIX crypt(3) password hashes
Co-author and initial co-presenter of SANS class “Secure Mobile Applications Development: iOS App Security”
Author and instructor of iOS half of 3-day application security testing course for private customer
Author of mobile platform security comparison chapter of NCC Group “End-to-End Mobile Security” whitepaper, released at Mobile World Congress 2013
Released research server for iOS Mobile Device Management
Released test and demonstration software for directly accessing 1Password vaults, with detailed blog post series to support talk and software
CVE-2014-1279: Disclosure of AppleID and Wi-Fi Passwords During Apple TV Touch Setup