[ Public Presetations | RFP Presentations | Book Contributions | Magazine Publications ]


Past Presentations & Material

Presentations given as Jeff Forristal

200:1 - Do You Trust Your Mobile Security Odds?
Webinar, 2014. Most mobile devices give transitive trust to over 200 third-parites by default. The presentation includes case studies showcasing how much excessive trust occurs in the mobile ecosystem, and strategies to manage mobile risk.

(Mis)Managing Mobile Trust
BSidesPDX, 2014. Presentation of case studies and examples where mobile devices are trusting more third-parties than most people suspect.

Android FakeID Vulnerability Walkthrough
BlackHat USA, 2014. Details and live exploit demonstration of the Android FakeID vulnerability, discovered through evaluations of the effectiveness of the Android security model. View presentation slides or full recorded presentation.

Predatory Hacking of Mobile Devices: Real Demos
RSA San Francisco, 2014. Background and demonstration of real attacks against mobile devices, showcasing forensic bypass of device PIN code, luring devices onto spoofed wifi APs then performing man-in-the-middle network attacks, and how a malicious application can escape the security sandbox and gain control of other applications. View archived presentation slides

Android: One Root to Own Them All
BSidesPDX, 2013. Replay of BlackHat 2013 talk, with updated 'aftermath' information.

Android: One Root to Own Them All
BlackHat USA, 2013. Presentation covering the details and live exploit demonstration of the Android MasterKey vulnerability, discovered through evaluations of the effectiveness of the Android security model. View summary video or full recorded presentation.

Hardware Involved Software Attacks
CanSecWest, 2012. Technical presentation based on my complementary whitepaper, promoting an under-recognized attack surface involving hardware to facilitate an attack from an unexpected direction against software. Becoming increasingly relevent in the industry as attackers move lower in the technology stack and 'direct-to-hardware' technologies like OpenCL/WebCL become commonplace. View archived presentation slides

Network design for ineffective HTTP traffic filtering
CanSecWest, 2009. A look at common enterprise networking practices to try to inspect and control HTTP traffic, and how emerging technologies are rendering those practices ineffective. View archived presentation slides

Lightning Talk: Network Design for Effective HTTP Traffic Filtering
Microsoft BlueHat, Fall 2008. Top three ways HTTP traffic is bypassing current web inspection technologies.

Security Trade-Offs and Pitfalls in Virtualized Platforms
Microsoft BlueHat, Fall 2007. Presentation included personal research results into the operation of networking implementations in virtualization platforms, and how the implementations allowed multiple network-bourne attacks including traffic rerouting and spoofing.

Tips, Tricks, and Ask the Expert Using SPI Products
SPICon 2007. Technical advice for achieving more findings and reducing false positivies with the WebInspect web application security scanner.

Securing Your Perimeter
eBusiness Conference & Expo, 2000, with Kevin Novak and Greg Shipley. Showcases/demonstrations of industry-leading intrusion detection, firewall and vulnerability scanning capabilities in combination with live network attacks.


Presentations given as Rain Forest Puppy

Chico State University 2003
I was invited to give a talk regarding the ethics of security disclosure to the computer science student population. View archived presentation

HackExpo 2003
Aug 13-15, Melbourne, Australia; Aug 18-20, Sydney, Australia. I gave multiple talks covering security misconceptions. View archived presentation

HackExpo 2002
Mar 12-14, Melbourne, Australia; Mar 19-21, Sydney, Australia. I gave multiple talks covering honeypots, SQL tampering, and tips/tools to enhance security.

CanSecWest 2002
May 1-3, Vancouver, Canada. Followed up last year's "why whisker sucks" talk with a "finally tools that don't suck" review, including the release of whisker 2.0. View archived presentation

BlackHat Vegas 2002
Aug 1, Las Vegas. Talk was entitled "Novell: the forgotten OS", and focused on various web-related vulnerabilities found in default Netware installations. View archived presentation

Hack 2002 Singapore
Aug 28-30, Singapore. Focused on common web problems and some tips on how to better protect webservers. View archived presentation

Hack 2002 Hong Kong
Sept 3-5, Hong Kong. The talk was two parts: first a demo of common problems, and then a talk which focused on tips to better secure web servers.

Hivercon 2002
Nov 26-27, Dublin, Ireland. Discussed uses of HTTP/web application fingerprinting. View archived presentation

CanSecWest 2001
March 28-30 in Vancouver, Canada. Talk topic included "why whisker sucks", and introduced the concept of an assessment proxy. View archived presentation

BlackHat Asia 2001
April 23-27 in Hong Kong and Singapore. Talk included a basic "why the web is vulnerable", followed by a look into RFProxy. View archived early-release presentation

LSM 2001
July 4-7, Bordeaux, France. Focused on "common CGI coding mistakes", and was geared slightly more towards developers.

BlackHat Vegas 2001
July 10-11, Las Vegas, Nevada. Basically a "what the hell has RFP been working on?" talk, which included the roadmap and peek into the future of libwhisker, RFProxy, whisker 2.0, and some other projects. View archived early-release presentation


Book Contributions


Practical Intrusion Analysis
Addison-Wesley, 2009
Author of chapter 9, "Physical Intrusion Detection for IT"

Ajax Security
Addison-Wesley, 2007
Technical reviewer

Hack Proofing Your Web Applications
Syngress, 2001
Author of chapter 6, "Code auditing and reverse engineering"

Hack Proofing Your Network
Syngress, 2000 (as Rain Forest Puppy)
Author of chapter 7, "Unexpected Input", and chapter 14, "Viruses, Trojan Horses, and Worms"


Magazine Publications


Analysis: Physical/Logical Security Convergence
Cover feature, Network Computing, Nov 23 2006. A review of commercially available products and methodologies to integrate physical access control system event data with traditional IT/operations SIEMs, providing new opportunities for organizations to combat insider attacks, APTs, and local facility breaches.

Kill Bugs Dead (link goes to partial reprint)
Product comparison, Secure Enterprise, Dec 1 2005. Hands-on comparison review of static source code analysis programs designed to identify security flaws; testing included creating a comprehensive test suite of source code in multiple languages, containing obvious and subtle security flaws.

Think Like an Attacker
Feature, Network Computing, June 1 2005, with Greg Shipley and Justin Schuh. Review of motives and methodologies of computer attacker adversaries, and how to incorporate those strategies into a defensive/risk management program.

Keeping an eEye on IIS Web Server
Product review, Network Computing, May 29 2003. Review of eEye IIS server plugin (like a web application firewall that is internal to the server, rather than external).

Proxies Add a Protective Shield
Product comparison, Network Computing, March 5 2003. Hands-on review and comparison of multiple commercial web application firewall products; comprehensive testing using real and simulated web attacks.

AppShield Inspects and Protects Your Web Apps From HTTP to Z
Product review, Network Computing, April 15, 2002. Hands-on review of Sanctum AppShield web application firewall.

Can 1024-bit Keys be Cracked? All in Good Time
Editorial, Network Computing, April 12 2002. Discussing the implications of recent industry concern regarding the cracking of 1024-bit RSA cryptographic keys and advances in computing capabilities.

Fireproofing Against DoS Attacks
Product comparison, Network Computing, Dec 10 2001. Hands-on comparison review of anti-DoS/DDoS networking products; testing included large-scale simulation of appropriate legitimate and DDoS networking traffic.

Vulnerability Assessment Scanners
Product comparison, Network Computing, Jan 8 2001, with Greg Shipley. Comprehensive multiple-product test review of network vulnerability assessment scanners. Testing included the creation of multiple vulnerable environments full of publicly known and custom vulnerabilities.

AppScan Flags Security Problems in Web Applications
Product review, Network Computing, Oct 16 2000. Review of Sanctum AppScan, one of the first commercial web vulnerability scanners.

Luring Killer Bees with Honey
Product comparison, Network Computing, August 21, 2000. Hands-on review of commercially available 'honeypot' products, that simulate a vulnerable server as a means to lure attackers into exposing themselves.

Maintaining Secure Web Applications
Feature, Network Computing, March 20 2000. Overview of common web application security problems, and strategies on how to migitate the problems within a secure development lifecycle effort.