• Invited Keynote Speaker, "Responding to Complex Intrusions (or 'How to Play Kick the Can in Cyberspace')," REN-ISAC Annual Member Meeting (RIMM) 2016, Seattle, WA, April 21, 2016



  • `Dr. Paul Vixie's Overview of Internet Takedowns`_, M3AAWG Town Hall, October 22, 2014 [@27:22 I provide a brief description of a proposed framework for "active response continuum" presented by Katherine Carpenter and me at CyCon 2014, link below.]
  • "`Ethics in Computer Security Research and Operations`_," by David Dittrich, UW CSE / Microsoft Research Summer Institute 2014, July 28, 2014
  • "Protecting Property in Cyberspace Using "Force": Legal and Ethical Justifications," by David Dittrich and Katherine Carpenter, NATO Cyber Defense Center of Excellence Cyberconflict Conference (CyCon) 2014, Tallinn, Estonia, June 4, 2014. [`Local copy of CyCon 2014 slides`_ Talk is online in the Strategy and Law track, 04.06.14, at the `CyCon 2014 web site`_]
  • "The Legal and Ethical Challenges with Aggressive Computer Security Research and Operations Actions," by David Dittrich and Katherine Carpenter, Microsoft Digital Crimes Consortium 2014 meeting, Singapore, Singapore, March 4, 2014. [`Local copy of DCC 2014 slides`_]
  • Panelist, "Botnet Takedowns," Malware, Messaging, and Mobile Anti-Abuse Working Group (M3AAWG) 27th General Meeting, San Francisco, CA, February 20, 2014
  • Panelist, "Dismantling and disrupting malware-facilitated crime: case studies and future collaboration opportunities," Microsoft Global Cybercrime Enforcement Summit, February 11, 2014
  • Panelist, "Anatomy of Data Security Breaches: Who is Behind Them,; How Law Enforcement and Targets Respond," with Richard D. Boscovich (Microsoft) and Jenny A. Durkan (US Attorney, Western District of Washington), `Cybersecurity Law and Strategies Conference`_, Seattle, Washington, January 27, 2014
  • Panelist, "`Can Companies Afford an Active Defense Strategy?`_", with Katherine Carpenter (moderator), Christofer Hoff, Anup Ghosh, Jody Westby, `Suits and Spooks 2014`_, Washington, DC, January 20, 2014
  • Panelist, "Exploiting End Points, Devices, and the Internet of Things" with Kurt Baumgartner, Remy Baumgarten, Terry McCorkle, `Suits and Spooks 2014`_, Washington, DC, January 20, 2014



  • "Session B18 (Advanced): Ethical Guidelines for Information and Communication Technology Research: The Menlo Report," David Dittrich, Erin Kenneally, Wendy Visscher, PRIM&R's `Advancing Ethical Research 2012`_ Conference, San Diego, CA, December 4, 2012
  • Panelist, "Joint Cooperation," United States Attorney's Office `Cybercrime Conference`_, Seattle, WA, October 27, 2012
  • Keynote speaker, "So you want to take over a botnet...," Discovery 2015 workshop, Pacific Northwest National Laboratory, Richland, WA, September 20, 2012
  • `So You Want to Take Over a Botnet...`_, by David Dittrich, LEET '12: Fifth USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 2012.
  • "A Refined Ethical Impact Assessment Tool and a Case Study of its Application," by Michael Bailey, Erin Kenneally, and David Dittrich, in Workshop on Ethics in Computer Security 2012, Bonaire, Dutch Antilles, March, 2012


  • "Data Breach Then and Now" (Keynote presentation), by David Dittrich, Information Assurance, Network Forensics, Industry and Educators Workshop, September 8, 2011 (Hosted by Highline Community College, Funded by NSF Grant # DUE 0919593)
  • "Human Subjects, Agents, or Bots: Current Issues in Ethics and Computer Security Research," by John Aycock, Elizabeth Buchanan, Scott Dexter, and David Dittrich, in Workshop on Ethics in Computer Security 2011, St. Lucia, April, 2011 [`Local copy of paper and slides`_]
  • "Session D3: An Evolved Ethical Framework for Network and Security Research," David Dittrich, Erin Kenneally, Wendy Visscher, PRIM&R's `Social, Behavioral and Educational Research 2011`_ Conference, Boston, MA April 29, 2011
  • "Session C8: Watching 'Bad' Behavior in the Context of Research," PRIM&R's Social, Behavioral and Educational Research Conference, Boston, MA, April 28, 2011


  • "Visual Analytics in Support of Secure Cyber-Physical Systems," David Dittrich and Mark P. Haselkorn, Department of Homeland Security Workshop on Future Directions in Cyber-Physical Systems Security, July 22-24, 2009

  • Keynote speaker, "The Fight Against Spam: Should We Start to Hit Back?," Conference on Email and Anti-Spam, Mountain View, CA, July 16, 2009

  • Panel: Common Research Issues, DHS S Workshop on Ethical Issues in Network Research, Washington, DC, May 26-27, 2009 + Panel: Ethics in Botnet Research, LEET 09, Boston, April 21, 2009

    [Network World published a `story about the panel`_. The discussion of DDoS tool relates to the `Trinoo Distributed Denial of Service Tool`_ writeup, in which I wrote, "During investigation of these intrusions, the installation of a trinoo network was caught in the act and the trinoo source code was obtained from the account used to cache the intruders' tools and log files. This analysis was done using this recovered source code." The hole in question that I used to copy the files (a + + in a .rhosts file, granting anyone on the internet the ability to access the account) is depicted in this [anonymized] command: echo "rcp /usr/sbin/rpc.listen" in generating a script that was then run on the compromised computer. While I did get permission to view the files, the questionable action was that I had initiated the copying before I had finished identifying someone who could authorize the action and grant me permission. They did, and asked me to promise I would give them full details of how their system was compromised and used, to never disclose the name of their company, or publish any customer data. I have adhered to all aspects of this promises.]










  • Sun's `Java`_ langauge, 1996
  • Talks on Java and Unix Security at `AUUG WET'96`_ in Darwin, Northern Territory, Australia (4/96)


  • KUOW Weekday: The Virus Hunters, (Guests: Dave Dittrich, Affiliate Researcher with the I-School and UW's Center for Information Assurance and Cybersecurity, Stephen Toulouse, Security Program Manager, Microsoft Security Response Center, and Sam Curry, Vice President for Security Management at Computer Associates), May 14, 2004 [`Weekday MP3`_] [`Weekday RealAudio archive`_]
  • `Audio interview on DDoS attacks with Brian Martin [attrition.org] and Dave Dittrich`_, by Brian S. McWilliams, PC-radio.com, February 22, 2000
  • Panelist on the `Diane Rehm show`_ (WAMU radio, NPR affiliate) along with Jeffrey Hunker (coordinator for security, infrastructure protection, and counter-terrorism for the National Security Council), James Adams (CEO of iDefense), and Elias Levy (SecurityFocus.com), February 17, 2000
  • `Info.sec.radio interview`_ (Originally broadcast March 6, 2000)

Protecting Property in Cyberspace Using "Force": Legal and Ethical Justifications: http://staff.washington.edu/dittrich/talks/DittrichCarpenter_ACSC2015.pdf .. _With great power comes great responsibility: Scaling Responses to DDoS and BotNets Effectively and Safely: https://www.iab.org/wp-content/IAB-uploads/2015/04/CARIS_2015_submission_21.pdf .. _CARIS: https://www.iab.org/activities/workshops/caris/agenda/ .. _Protecting Property in Cyberspace Using "Force": Legal and Ethical Justifications: http://staff.washington.edu/dittrich/talks/DittrichCarpenter_ACSC2015.pdf .. _Dr. Paul Vixie's Overview of Internet Takedowns: https://www.youtube.com/watch?v=C8mHqegZK_k&feature=youtu.be&list=UUTZxk2zHaimn_zuWPgXV9cA .. _Beyond the Range of the Moment: Ethical Response to Cybercrime: https://www.nanog.org/meetings/abstract?id=2473 .. _The Second Annual Comprehensive Conference on Cybersecurity Law: http://www.lawseminars.com/detail.php?SeminarCode=15CYBERWA .. _Cybersecurity Law and Strategies Conference: http://www.lawseminars.com/detail.php?SeminarCode=14CYBERWA .. _Linux Magic Numbers: http://www.garykessler.net/library/magic.html .. _An Introduction to WWW: http://staff.washington.edu/dittrich/talks/www/ .. _Power Point Slides of talk on QnA: http://staff.washington.edu/dittrich/talks/qna/qna.ppt .. _"DDoS: A look back from 2003": http://staff.washington.edu/dittrich/talks/I2-ddos.ppt .. _NANOG 18 Meeting: http://www.nanog.org/mtg-0002/ .. _What can be done with limited time to secure Windows NT systems?: http://staff.washington.edu/dittrich/talks/qsm-sec/what_nt.html .. _Local copy of DCC 2014 slides: http://staff.washington.edu/dittrich/talks/dcc-2014-DittrichCarpenter.pdf .. _Distributed Denial of Service: https://amsterdam.lcs.mit.edu/pipermail/asrg/2000-October/000098.html .. _Ethics in Computer Security Research and Operations: http://staff.washington.edu/dittrich/talks/UWCSE-MSR-SummerInstitute-2014-Dittrich.pdf .. _Host and Network Security in the Internet Age: DSL, @Home, ISDN, etc.: http://eve.speakeasy.org/~dittrich/talks/seaslug/ .. _Cybercrime Conference: http://blogs.justice.gov/main/archives/2536 .. _FAT: General Overview of On-Disk Format: http://staff.washington.edu/dittrich/misc/FatFormat.pdf .. _Microsoft Extensible Firmware Initiative FAT32 File System Specification: http://staff.washington.edu/dittrich/misc/fatgen103.pdf .. _CanSecWest CORE '01 "Honeynet Project Forensic Challenge" slides: http://staff.washington.edu/dittrich/talks/core01.ppt .. _#350: http://pauldotcom.com/wiki/index.php/Episode350 .. _Beyond the Noise: More Complex Issues with Network Defense: http://www.laas.fr/IFIPWG/Workshops&Meetings/50/workshop/07%20Dittrich.pdf .. _Information Security Decisions 2005: http://infosecurityconference.techtarget.com/html/schedule_at_a_glance.htm .. _Understanding Emerging Threats: The case of Nugache: https://www.youtube.com/watch?v=GgMI_hAmqJU .. _PDF of SOURCE 2008 slides: http://staff.washington.edu/dittrich/talks/source-dittrich-dang-v6.pdf .. _SANS '97 technical conference: http://www.sans.org/ .. _Post Intrusion Concealment and Log Alteration: http://staff.washington.edu/dittrich/talks/conceal/ .. _So You Want to Take Over a Botnet...: https://www.usenix.org/conference/leet12/so-you-want-take-over-botnet .. _AUUG WET'96: http://www.ntu.edu.au/auug/ .. _Unix Security Overview: http://staff.washington.edu/dittrich/talks/security/ .. _Recent Developments in DDoS: Unwitting agents and the "Power" bot: http://staff.washington.edu/dittrich/talks/first/ .. _story about the panel: http://www.networkworld.com/news/2009/042409-usenix-hacking.html .. _Info.sec.radio interview: http://www.securityfocus.com/templates/media.html?id=6 .. _Some TCP/IP Vulnerabilities: http://staff.washington.edu/dittrich/talks/agora/ .. _SANS 97 Trip report: http://staff.washington.edu/dittrich/misc/sans97/ .. _IFIP 10.4 Working Group Meeting: http://www.laas.fr/IFIPWG/Workshops&Meetings/50/index.htm .. _Trinoo Distributed Denial of Service Tool: http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt .. _Diane Rehm show: http://www.wamu.org/ram/2000/r1000217.ram .. _Slides and reference materials: http://staff.washington.edu/dittrich/talks/nanog59/ .. _GOVCON 2005: http://www.ncsi.com/govcon05/agenda.shtml# .. _Pauldotcom Podcast: http://pauldotcom.com/2013/10/friday-october-25th---episode.html .. _Java: http://staff.washington.edu/dittrich/talks/java/ .. _JPEG File Interchange Format (JFIF): http://www.w3.org/Graphics/JPEG/jfif3.pdf .. _"Looking at Vulnerabilities," TOPOFF-2: http://staff.washington.edu/dittrich/talks/vulnerabilities.ppt .. _Bots and Botnets - The Automation of Computer Network Attack: http://conference.auscert.org.au/conf2005/abstracts.php#paper_id_35 .. _Local copy of DCC 2013 slides: http://staff.washington.edu/dittrich/talks/dcc2013_dittrich_botnets.pdf .. _Power Point slides of USENIX 2000 talk: http://staff.washington.edu/dittrich/talks/sec2000.ppt .. _Audio interview on DDoS attacks with Brian Martin [attrition.org] and Dave Dittrich: http://www.pc-radio.com/otr/hacking.html .. _Computers Under Attack, What Shall We Do?: http://www.cutter.com/consultants/pethiar.html .. _Quarterly Departmental Support meeting Security talk: http://staff.washington.edu/dittrich/talks/qsm-sec/ .. _Harley Hahn's Student Guide to Unix: http://www.mhhe.com/catalogs/0070254923.mhtml .. _Why botnets have evolved into your worst nightmare: http://cdn.ttgtmedia.com/searchSecurity/downloads/ET_DaveDittrich.PDF .. _Information Security Decisions 2007: http://searchsecurity.techtarget.com/feature/Information-Security-Decisions-2007-Presentation-downloads .. _What if you hit back? Counter-intelligence and Counter-attack: http://staff.washington.edu/dittrich/arc/I4%20dittrich.ppt .. _DDoS: Is There Really a Threat?: http://staff.washington.edu/dittrich/talks/sec2000/ .. _Instructions on how to burn this ISO to a CDROM: http://www.ibiblio.org/pub/Linux/distributions/e-smith/docs/howto/CD_burning_howto.php3 .. _Recent Developments in DDoS: http://staff.washington.edu/dittrich/talks/recent-ddos/ .. _Honeynet Project Forensic Challenge course materials: http://staff.washington.edu/dittrich/misc/sansfire.tgz .. _Honeypots, Honeynets, and the Honeywall: http://staff.washington.edu/dittrich/talks/aro-honeynets.ppt .. _HTML version: http://staff.washington.edu/dittrich/talks/qna .. _CanSecWest CORE '02 Slides and tools: http://staff.washington.edu/dittrich/talks/core02/ .. _Weekday RealAudio archive: .. _Advancing Ethical Research 2012: http://www.primr.org/WorkArea/DownloadAsset.aspx?id=1021 .. _Social, Behavioral and Educational Research 2011: http://www.primr.org/WorkArea/DownloadAsset.aspx?id=1021 .. _Course notes for Unix forensics class w/Dominique Brezinski: http://staff.washington.edu/dittrich/talks/blackhat/ .. _Local copy of paper and slides: http://staff.washington.edu/dittrich/talks/wecsr2011-irbpanel.pdf .. _Seattle University CSSE 492/592 version of FIRE: http://staff.washington.edu/dittrich/misc/fire-su.iso .. _Training Ninja at Black Hat '00: http://www.blackhat.com/html/training-usa-00/bh-usa-00-trainers.html .. _Information Security Management Overview: http://staff.washington.edu/dittrich/talks/infosecmgt/ .. _Presentation on Distributed Denial of Service attacks: http://staff.washington.edu/dittrich/talks/cert/ .. _CyCon 2014 web site: https://ccdcoe.org/cycon/2014/app.html .. _Distributed Denial of Service - A New Threat: http://staff.washington.edu/dittrich/talks/jason/ .. _Local copy of CyCon 2014 slides: http://staff.washington.edu/dittrich/talks/CyCon-2014-DittrichCarpenter.pdf .. _Beat Back the Botnets: http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1086201,00.html .. _Suits and Spooks 2013: http://www.taiaglobal.com/suits-and-spooks/suits-and-spooks-dc-2013/suits-and-spooks-dc-2013-agenda/ .. _Suits and Spooks 2014: http://www.suitsandspooks.com/2014/01/dc-2014/ .. _Can Companies Afford an Active Defense Strategy?: http://fhl.global/video/panel-christofer-hoff-dave-dittrich-jody-westby-anup-ghosh/ .. _Unix System Security: http://staff.washington.edu/dittrich/talks/security.old/ .. _Honeypots and Honeynets: http://staff.washington.edu/dittrich/talks/NAAG.ppt .. _Panelist: http://www.t3conference.org/security.html .. _RSA Conference 2000: http://www.rsaconference.com/rsa2000/main.html .. _Weekday MP3: http://www.kuow.org/m3u/wk2_20040514.m3u .. _Offensive Anti-Botnet - So you want to take over a botnet...: http://www.youtube.com/watch?v=zqUL1mUEvGg&list=PLO8DR5ZGla8j7_jnNYY3d8JB0HfdXe85X .. _MD5 hash of ISO: http://staff.washington.edu/dittrich/misc/fire-su.iso-md5sum.txt .. _"Looking at Vulnerabilities", Microsoft Campus: http://staff.washington.edu/dittrich/talks/vulnerabilities-082503.ppt .. _The Manuka Project: http://staff.washington.edu/dittrich/talks/ieee-ia-manuka.ppt .. _What can be done with limited time to secure Unix systems?: http://staff.washington.edu/dittrich/talks/qsm-sec/what_unix.html