Presentations


BlackHat Webcast November, 2015:
   “Exploiting XXE in File Upload Functionality”
   Updated to include more file types; PDF, JPG, and GIF

BlackHat USA 2015:
   “Exploiting XXE in File Upload Functionality”
   Original Presentation

BlackHat Europe 2014:
   “Blended Web and Database Attacks on Real-Time, In-Memory Platforms”
   I helped write the whitepaper but wasn’t able to make the presentation

Troopers 2014:
   “Hiding the breadcrumbs: Anti-forensics on SAP systems”
   Really fun presentation on hiding actions in SAP

Troopers 2014:
   “SAP BusinessObjects Attacks: Espionage and Poisoning of Business Intelligence platforms”
   Another round of BO research; quite a few advisories came from this.

Defcon Skytalks 20 (2012):
   “Interface Puncher”
   Focused on fingerprinting web applications and bruteforcing credentials. Cool idea, didn’t really take off.

Defcon 19 (2011):
   “Metasploit vSploit Modules”
   Joint presentation with Marcus Carey and David Rude. Awesome idea and fun work. Presentation wasn’t great though.

Defcon Skytalks, BSides Las Vegas 2011:
   “Distributed Denial of Service Attacks for Whitehats”
   Focused on testing DoS mitigations in place from vendors. Unfortunately can’t find the slides or video.

OWASP AppSec USA 2010, SOURCE Barcelona 2010:
   “Hacking SAP BusinessObjects”

BeaCon 2015:
   “Building (Simple) Fuzzing Scripts from Wireshark Dissectors”
   Presentations with friends in a bar. BeaCon – I miss you!

BlackHat Arsenal 2016, 2015, and 2014:
   “SERPICO”
   See Projects for more info.