cipherdyne.org

Michael Rash, Security Researcher



Michael Rash, Security Researcher

Michael Rash

Resume

All projects distributed on this site were developed as open source software in Perl and C by Michael Rash, and many of my articles, papers, and conference talks can be downloaded below.

Conference Talks

  1. "Crossing the Streams with State Machines in IDS Signature Languages", ShmooCon 2014 FireTalks, January 2014 (complete video here).

  2. "Generalized Single Packet Authorization for Cloud Computing Environments", ShmooCon 2013, February 2013 (complete video here, or just the demo here).

  3. "Recent Advances in Single Packet Authorization", HOPE 9, July 2012

  4. "Single Packet Authorization", DojoCon, November 2009 (recorded video here).

  5. "Port Knocking and Single Packet Authorization: Practical Deployments", The Last HOPE, July 2008 (video here).

  6. "Advanced Linux Firewalls", SOURCE Boston, March 2008 (video here).

  7. "Iptables Attack Visualization", OSCON, July 2007

  8. "Zero-day Attack Prevention via Single Packet Authorization", Techno Security, June 2007

  9. "Attack Detection and Response with Linux Firewalls", ShmooCon, March 2007

  10. "Service Cloaking and Anonymous Access; Combining Tor with Single Packet Authorization (SPA)", DefCon 14, August 2006 (video here).

  11. "Maximum Netfilter", OSCON, July 2006

  12. "Advances in Single Packet Authorization", ShmooCon, January 2006

  13. "Netfilter and Encrypted, Non-replayable, Spoofable, Single Packet Remote Authorization", ToorCon 7, September 2005

  14. "Securing the Enterprise with Netfilter", Linux World Summit, May 2005

  15. "Advanced Netfilter; Content Replacement (ala Snort_inline) and Combining Port Knocking with p0f", DefCon 12, July 2004


Publications

  1. "IDS Signature Matching with iptables, psad, and fwsnort", USENIX ;login: Magazine (Security Issue), December 2007

  2. "Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort", No Starch Press, September 2007

  3. "Protecting SSH Servers with Single Packet Authorization", The Linux Journal, May 2007

  4. "Single Packet Authorization", The Linux Journal, April 2007

  5. "Wireshark & Ethereal Network Protocol Analyzer Toolkit" (contributed the active response case study on pages 398-402), Syngress Publishing, December 2006

  6. "Single Packet Authorization with fwknop", USENIX ;login: Magazine, February 2006

  7. "Intrusion Prevention and Active Response : Deploying Network and Host IPS", Syngress Publishing, February 2005

  8. "Combining Port Knocking and Passive OS Fingerprinting with fwknop", USENIX ;login: Magazine, December 2004

  9. "Snort 2.1 Intrusion Detection, Second Edition", Syngress Publishing, June 2004

  10. "Content Filtering and Inspection with fwsnort and psad", Sys Admin Magazine, April 2004

  11. "Firewalls: Doing it Yourself", Information Security Magazine, October 2003

  12. "Running Linux and Netfilter on Nokia IP Series Hardware", The Linux Journal, April 2003

  13. "Security Benchmark for Linux" (Contributing Editor), The Center for Internet Security, May 2002

  14. "Securing Linux Step-By-Step" (Contributing Editor), SANS, March, 2002

  15. "Verifying Filesystem Integrity with CVS", The Linux Journal, February 2002

  16. "Detecting Suspect Traffic", The Linux Journal, November 2001


Online Book Chapters

  1. Chapter 10 "Deploying fwsnort" from "Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort", No Starch Press, September 2007

  2. Chapter 5 "Network Inline Data Modification" from "Intrusion Prevention and Active Response: Deploying Network and Host IPS", Syngress Publishing, February 2005


Interviews and Web Articles

  1. "The Art of Information Security Blog Interviews Michael Rash", artofinfosec.com, February 2009

  2. Interview with Michael Rash, Security Architect and Author of "Linux Firewalls", net-security.org, November 2007

  3. Linux Firewalls Hold Up Under Application Layer Attacks, CRN, November 2007