Presentations/Courses/Interviews

Presentations

• "Visual Analytics in Support of Secure Cyber-Physical Systems," David Dittrich and Mark P. Haselkorn, Department of Homeland Security Workshop on Future Directions in Cyber-Physical Systems Security, July 22-24, 2009
• Keynote speaker, "The Fight Against Spam: Should We Start to Hit Back?," Conference on Email and Anti-Spam, Mountain View, CA, July 16, 2009
• Panel: Common Research Issues, DHS S&T Workshop on Ethical Issues in Network Research, Washington, DC, May 26-27, 2009
• Panel: Ethics in Botnet Research, LEET 09, Boston, April 21, 2009
  [Network World published a story about the panel. The discussion of DDoS tool relates to the Trinoo Distributed Denial of Service Tool writeup, in which I wrote, "During investigation of these intrusions, the installation of a trinoo network was caught in the act and the trinoo source code was obtained from the account used to cache the intruders' tools and log files. This analysis was done using this recovered source code." The hole in question that I used to copy the files (a "+ +" in a .rhosts file, granting anyone on the internet the ability to access the account) is depicted in this [anonymized] command: echo "rcp 192.168.0.1:leaf /usr/sbin/rpc.listen". While I did get permission to view the files, the questionable action was that I had initiated the copying before I had finished identifying someone who could authorize the action and grant me permission. They did, and asked me to promise I would give them full details of how their system was compromised and used, to never disclose the name of their company, or publish any customer data. I have adhered to all aspects of this promises.]
• "Understanding Emerging Threats: The case of Nugache," (co-presented with Bruce Dang, Microsoft), SOURCE Boston conference, March 2008
• "Why botnets have become your worst nightmare," Information Security Decisions 2007, Chicago, November 5, 2007
• "Threat Briefing," Tokyo, Japan, February 2007
• "Beyond the Noise: Complexity and Network Defense," Advanced Network Defense Symposium, Air Force Information Warfare Center, San Antonio, TX, September 13-14, 2006
• Beyond the Noise: More Complex Issues with Network Defense, IFIP 10.4 Working Group Meeting, Network Security and Infrastructure Response (Carl Landwehr, moderator), Annapolis, MD, June 30, 2006
• Bots and Botnets - The Automation of Computer Network Attack, AusCERT 2005, Brisbane, Australia, May 2005
• The Active Response Continuum to Computer Network Attack, AusCERT 2005, Brisbane, Australia, May 2005
• Beat Back the Botnets, Information Security Decisions 2005, Chicago, IL, May 9, 2005
• Panelist following Rich Pethia's keynote "Computers Under Attack, What Shall We Do?", Cutter Consortium Summit 2005, Boston, MA, May 2, 2005
• Tactical Integration: Honeypots, Honeynets, and the Honeywall, GOVCON 2005, Crystal City, VA, March 30, 2005
• Beat Back the Botnets, Webcast, March 23, 2005
• The Manuka Project (database for cataloging clean/compromised system disk images), paper presentation, IEEE Information Assurance Workshop, June 11, 2004 (Power Point)
• Honeypots, Honeynets, and the Honeywall, ARO Information Assurance Workshop, UW, March 3, 2004 (PowerPoint)
• Looking at Vulnerabilities, Microsoft Campus, August 25, 2003 (Power Point)
• DDoS: A look back from 2003, Internet2 DDoS In-Depth Workshop, August 6, 2003
• Seattle University CSSE 492/592 version of FIRE
  Supporting references
  • MD5 hash of ISO
  • Instructions on how to burn this ISO to a CDROM
  • FAT: General Overview of On-Disk Format, Microsoft
  • Microsoft Extensible Firmware Initiative FAT32 File System Specification, Microsoft
  • Harley Hahn's Student Guide to Unix, McGraw-Hill, 1996, ISBN 0-07-025492-3
  • Linux Magic Numbers
  • JPEG File Interchange Format (JFIF)
• Honeypots and Honeynets, presentation to National Association of Attorneys General, UW, April 14, 2003 (Power Point)
• "What if you hit back? Counter-intelligence and Counter-attack," I4 meeting, Seattle (April 2003)
• Looking at Vulnerabilities, TOPOFF-2, March 2003 (Power Point)
• Post Intrusion Concealment and Log Alteration, June 2002
• Recent Developments in DDoS, June 2002
• CanSecWest CORE '02 Slides and tools, April 2002
• Recent Developments in DDoS: Unwitting agents and the "Power" bot, notes for FIRST teleconference, November 2001
• CanSecWest CORE '01 "Honeynet Project Forensic Challenge" slides, April 2001 (Power Point)
• Invited Talk, "Distributed Denial of Service, MIT Applied Security Research Group, October 6, 2000
• Invited Talk, "DDoS: Is There Really a Threat?," USENIX Security Symposium, August 16, 2000 (Power Point)
• Panelist at the Tomorrow's Technology Today (T3) Conference, Pittsburgh, PA, April 8, 2000
• Distributed Denial of Service - A New Threat, 2000 JASON Summer Study Program invited talk
• Panelist at Distributed Denial of Service (DDoS) BoF, NANOG 18 Meeting, February 7, 2000
• Panelist at Distributed Denial of Service (DDoS) BoF, RSA Conference 2000, January 17, 2000
• Some TCP/IP Vulnerabilities, Seattle Agora Meeting, December 10, 1999
• Presentation on Distributed Denial of Service attacks at CERT Distributed-Systems Intruder Tools Workshop, November 2, 1999
• Quarterly Departmental Support meeting Security talk, 1999
  • What can be done with limited time to secure Unix systems?
  • What can be done with limited time to secure Windows NT systems?
• Information Security Management Overview, August 1999
• Host and Network Security in the Internet Age: DSL, @Home, ISDN, etc., Seattle Unix User's Group, 1998
• Unix Security Overview, 1998
• Panelist at SANS '97 technical conference (SA4) Problem Tracking Systems Panel/Workshop, April 1997 [Trip report, PowerPoint Slides of talk on QnA, HTML version]
• Sun's Java langauge, 1996
• Talks on Java and Unix Security at AUUG WET'96 in Darwin, Northern Territory, Australia (4/96)
• An Introduction to WWW, 1994
• Unix System Security, 1994

Courses

• Honeynet Project Forensic Challenge course materials, SANS FIRE 2001
• Training Ninja at Black Hat '00 [Course notes for Unix forensics class w/Dominique Brezinski]

Interviews

• KUOW Weekday: The Virus Hunters, (Guests: Dave Dittrich, Affiliate Researcher with the I-School and UW's Center for Information Assurance and Cybersecurity, Stephen Toulouse, Security Program Manager, Microsoft Security Response Center, and Sam Curry, Vice President for Security Management at Computer Associates), May 14, 2004 (MP3 archive) (RealAudio archive) MP3] (RealAudio)
• Audio interview on DDoS attacks with Brian Martin [attrition.org] and Dave Dittrich, by Brian S. McWilliams, PC-radio.com, February 22, 2000
• Panelist on the Diane Rehm show (WAMU radio, NPR affiliate) along with Jeffrey Hunker (coordinator for security, infrastructure protection, and counter-terrorism for the National Security Council), James Adams (CEO of iDefense), and Elias Levy (SecurityFocus.com), February 17, 2000
• Info.sec.radio interview (Originally broadcast March 6, 2000)