Highlights from DEFCON 21 Sessions

Sessions

Pentester's Toolkit, Anch   thursday

Packing for on-site work with clients.

  • bag (Crumpler camera bag)
  • work laptop (productivity tools)
  • pen test laptop
  • gb connections

Meet Pentoo, ZeroChaos   thursday

  • 32-bit
  • hosted binaries
  • standard tools and libraries
  • 6 GB base image
  • shouldn't be run as a live CD

Intro to Web Application Hacking, Tuna   thursday

Covered a number of exploits against PHP, in particular file-upload vectors used by botnets.

Interesting summary of the UI of PHP web shells (filesystem browsing, MySQL browsing).

Backdoors, Government Hacking and The Next Crypto, Christopher Soghoian   friday

http://online.wsj.com/article_email/SB10001424127887323997004578641993388259674-lMyQjAxMTAzMDAwMTEwNDEyWj.html

  • crypto wars
  • SSL in browsers circa 1996
  • PGP in 1997
  • growth in enterprise PGP + cloud systems
  • 2010: Google SSL on all its services
  • via Cerf(?): Google can't encrypt user data end to end without sacrificing the business model of real-time ads

Meet the VCs   friday

No significant outcomes: general rules on monitoring growth and audience validation.

  • limited focus on security in the VC community
  • taking VC money is a function of growth rate and advisors
  • ? VCs look for domain expertise, complete understanding (though not necessarily solutions) of the domain problems, commitment to 3y for the company build

How to use CSP to Stop XSS, Kenneth Lee   friday

Policies

  • script-src 'none' (no JavaScript from any source)
  • 'unsafe-inline'
  • 'unsafe-eval'
  • mixed content

Report-only mode

See the reporting endpoint: it consumes a JSON report carrying the page URI, the violated rule, and the blocked resource.
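As an added example (not the talk's code and not the CSP Proxy tool), the two halves of a report-only rollout in Python: building the header value and consuming the JSON a browser POSTs to report-uri. The endpoint path /csp-report, the CDN host and the sample reports are constructed for illustration; the mixed-content check is the same test a Splunk search over the endpoint's logs would do (https page, http resource).

```python
"""Report-only CSP: build the header, parse the violation reports.

Added example; the /csp-report path, the hosts and the sample reports
below are constructed, not taken from any real deployment.
"""
import json
from urllib.parse import urlsplit


def report_only_header(script_hosts, report_uri="/csp-report"):
    """Content-Security-Policy-Report-Only header value.

    'unsafe-inline' and 'unsafe-eval' are disallowed by omission; because
    this is the report-only header, violations are logged, never blocked.
    """
    sources = " ".join(["'self'"] + list(script_hosts))
    return f"default-src 'self'; script-src {sources}; report-uri {report_uri}"


def parse_csp_report(body):
    """Reduce a browser's JSON report to the fields worth logging:
    page URI, violated rule, blocked resource."""
    report = json.loads(body)["csp-report"]
    return {
        "document": report.get("document-uri", ""),
        "rule": report.get("violated-directive", ""),
        "blocked": report.get("blocked-uri", ""),
    }


def is_mixed_content(parsed):
    """True when an https page tried to pull in an http resource."""
    page = urlsplit(parsed["document"])
    blocked = urlsplit(parsed["blocked"])   # "inline" has no scheme
    return page.scheme == "https" and blocked.scheme == "http"


# Constructed sample reports, in the shape browsers POST to report-uri.
SAMPLE_REPORTS = [
    json.dumps({"csp-report": {
        "document-uri": "https://shop.example.test/checkout",
        "violated-directive": "script-src 'self'",
        "blocked-uri": "http://cdn.example.test/lib.js"}}),
    json.dumps({"csp-report": {
        "document-uri": "https://shop.example.test/checkout",
        "violated-directive": "script-src 'self'",
        "blocked-uri": "inline"}}),
]


def summarize(reports):
    """Count mixed-content violations separately from the rest; this is
    the rollup a dashboard over the endpoint's logs would show."""
    counts = {"mixed-content": 0, "other": 0}
    for body in reports:
        parsed = parse_csp_report(body)
        counts["mixed-content" if is_mixed_content(parsed) else "other"] += 1
    return counts


if __name__ == "__main__":
    print(report_only_header(["https://cdn.example.test"]))
    print(summarize(SAMPLE_REPORTS))
```

Serve the header on every response first, watch the counts, and only switch to the enforcing Content-Security-Policy header once the "other" bucket is down to violations you intend to block.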

Dealing with inline JavaScript

Dropping 'unsafe-inline' requires every inline script to be moved to an external file loaded by a plain (blocking) script tag. Async loaders such as RequireJS still work, since they inject script elements via appendChild rather than evaluating inline code; their sources still have to be whitelisted.

Firefox 23 supports the report-only header.

See also: X-WebKit-CSP, the prefixed header older WebKit browsers use.

Released tool: CSP Proxy

  • Proxy
  • Selenium harness

ACLU: NSA Surveillance and More   friday

  • Snowden's impact on current policy
  • increased allocation of internal resources to "cyber"
  • ACLU supports warrant-based access to targeted individuals
  • no dragnet-style approach should be allowed

Predicting Susceptibility to Social Bots on Twitter, Chris Sumner   saturday

  • limited impact statement
  • ML based on signals: friend count, number of hashtags, @-replies

Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine   saturday

Deep packet inspection hardware only passes whitelisted protocols, so Dust re-encodes any protocol to look like one the DPI allows.

Contrast the byte distribution of English dictionary words with that of English-language HTTP traffic. HTTPS, even with the body encrypted, still has a recognizable structure because the record headers are unencrypted.

Reverse Huffman encoding (e.g., only encoding to FA will drop

Look for a sequence of bytes at a given offset, e.g., to classify HTTP traffic; this is 90% of classifier rules.

"Parrot paper": packet-based inspection is dead and full-session inspection is better, which really just means "more data is better"; a statistical model can still get a message through, since the full message
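The bytes-at-an-offset classifier described above, as an added example in Python (not Dust's code): a handful of signature rules, a fallback that lets signature-less plain text through, and the Dust idea of re-encoding a blocked payload so that it matches an allowed protocol's signature. The rules, the whitelist policy and the packet samples are constructed for illustration; the HTTP wrapper is a simplification of what Dust does, not its actual encoding.

```python
"""Toy DPI classifier and protocol re-encoding.

Added example; signatures, policy and sample packets are constructed.
"""
import base64
import string

PRINTABLE = set(string.printable.encode())

# (offset, byte sequence, label): the "sequence of bytes at offset" rule
# type that makes up most real classifier rule sets.
SIGNATURES = [
    (0, b"GET ", "http"),
    (0, b"POST ", "http"),
    (0, b"HTTP/1.", "http"),
    (0, b"\x16\x03", "tls"),   # TLS record header: handshake, version 3.x
    (0, b"SSH-", "ssh"),
]


def classify_by_signature(packet):
    """Label the packet by the first signature that matches at its offset."""
    for offset, sig, label in SIGNATURES:
        if packet[offset:offset + len(sig)] == sig:
            return label
    return "unknown"


def printable_ratio(packet):
    """Share of bytes that are printable ASCII; ~1.0 for text, ~0 for ciphertext."""
    if not packet:
        return 0.0
    return sum(b in PRINTABLE for b in packet) / len(packet)


def dpi_verdict(packet, allowed=("http",), min_text_ratio=0.9):
    """Whitelist policy: pass allowed protocols, pass unknown-but-texty
    traffic, drop everything else (including anything that looks random)."""
    label = classify_by_signature(packet)
    if label in allowed:
        return "allow"
    if label == "unknown" and printable_ratio(packet) >= min_text_ratio:
        return "allow"
    return "drop"


def encode_as_http(payload):
    """Wrap an arbitrary payload so it carries the HTTP signature and a
    text body; a simplified stand-in for Dust's protocol re-encoding."""
    body = base64.b64encode(payload)
    head = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Type: text/plain\r\nContent-Length: %d\r\n\r\n" % len(body))
    return head + body


def decode_from_http(packet):
    """Recover the payload wrapped by encode_as_http."""
    _head, _sep, body = packet.partition(b"\r\n\r\n")
    return base64.b64decode(body)


# Constructed sample packets.
SAMPLES = {
    "http": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "tls": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + bytes(range(32)),
    "ssh": b"SSH-2.0-OpenSSH_8.9\r\n",
    "random": bytes(range(128, 160)),   # stands in for an encrypted blob
}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify_by_signature(pkt), dpi_verdict(pkt))
    print("re-encoded random:", dpi_verdict(encode_as_http(SAMPLES["random"])))
```

The printable-ratio fallback is the statistical side of the talk in miniature: a signature-less text protocol gets through, a random-looking blob does not, and the only way for the blob to pass is to take on the byte distribution and framing of something on the whitelist.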

We are Legion: Pentesting with an Army of Low-power Low-cost Devices, Philip Polstra   saturday

  • BeagleBone
  • Ubuntu
  • 6 GB image
  • 1.1 W draw at 100% CPU
  • tty mode (+)
  • XBee mesh network, up to 1m(?)
  • airmon, hydra, metasploit, fern
  • Arduino
  • stamp
  • Adafruit
  • spark phone
  • Eagle
  • ldm designer
  • ExpressPCB (prototyping and laying out boards)
  • AP Circuits

Occam's Katana: Defeating Big Data Analytics, Rob Bird   skytalk saturday

  • book review: distance algorithms
  • closest is most reviewed but farthest is not
  • classification is just a form of distance calculation
(def points [[0 0] [2 2]])
  • possible to poison a big-data approach if you can make 50% of the data noise (?)
  • seemed focused on IDS and threat classification, not "big data" in general
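The "classification is just a distance calculation" point and the poisoning claim, as an added example in Python (not the speaker's code): a nearest-centroid classifier over 2-D points like the (def points ...) above, and a routine that adds noise to one class until a sample stops being classified as that class. The two training sets, the query point and the noise point are constructed; with these values the flip happens after the fourth noise point, i.e. when half of the class's data is noise.

```python
"""Nearest-centroid classification and training-set poisoning.

Added example; the point sets below are constructed for illustration.
"""
import math


def centroid(points):
    """Coordinate-wise mean of a list of equal-length tuples."""
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))


def distance(a, b):
    """Euclidean distance between two points."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def classify(point, classes):
    """Label whose centroid is closest to the point: classification reduced
    to a distance calculation."""
    return min(classes, key=lambda label: distance(point, centroid(classes[label])))


def noise_to_flip(point, classes, target, noise, limit=100):
    """Append copies of `noise` to the target class until `point` is no
    longer classified as `target`; return how many copies it took."""
    poisoned = {label: list(pts) for label, pts in classes.items()}
    for k in range(1, limit + 1):
        poisoned[target].append(noise)
        if classify(point, poisoned) != target:
            return k
    return None


# Constructed training data: two tight clusters.
CLASSES = {
    "benign": [(0, 0), (0, 1), (1, 0), (1, 1)],
    "malicious": [(3, 3), (3, 4), (4, 3), (4, 4)],
}
QUERY = (3, 3)      # sits inside the malicious cluster
NOISE = (8, 8)      # far-off junk an attacker feeds into the malicious class


if __name__ == "__main__":
    print("clean:", classify(QUERY, CLASSES))
    k = noise_to_flip(QUERY, CLASSES, "malicious", NOISE)
    print(f"noise points needed to flip: {k} "
          f"({k / (k + len(CLASSES['malicious'])):.0%} of that class)")
```

Any distance-based model that retrains on what it sees has this property: an attacker who can contribute enough samples to a class drags its centroid away from the real traffic, and the real traffic is then misclassified.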

DNS May Be Hazardous to Your Health, Robert Stucke   saturday

  • look for bit-flip domain names (single-bit errors from solar flares, server heat), then acquire the domain
  • acquired domains that had been blacklisted, then noticed payloads still being sent from botnets that had been shut down (i.e., taken-down domains were available for registration)
  • note changes in MS DNS default name-resolution rules, then acquire www.[internal].com

Worth a second review of the contents.

Social Engineering, Apollo Robbins   sunday

  • Same as his TED talk presentation
  • Book ("Confidence Games"?)
  • Proximity is the core goal
  • Thinking, Fast and Slow

Tasks

Report-only endpoint for CSP from @kenlee

A Splunk report could be generated from the mixed-content violations reported for a site.

Make sure BK doesn't trigger a Content Security Policy warning for mixed content.

Author: Jason Walsh

j@wal.sh

Last Updated: 2025-07-30 13:45:27
