Projects
A few projects I’ve created, joined, or explored over the years after being inspired to seek simple solutions to the technological inconveniences and inconsistencies we face on a daily basis. In short, attempting to make life a little easier. Some of these projects are now defunct but are retained here for posterity.
Information Security Conferences, Workshops, and Training Calendar
A Google Calendar tracking Information Security conferences, workshops, training, CFP deadlines, and related events. In subscribing to other similar calendars, I found many of them were local, regional, or were missing major conferences like BlackHat, RSA, or DEFCON. In an effort to consolidate and fill in the gaps of these other calendars, I have created this one.
Event suggestions welcome; Please submit to <dtrammell+calendar (at) dustintrammell.com>
View Calendar – Also available in iCal and XML versions.
LeetNet
Leetnet is a dynamic network of LANs connected securely via the Internet using VPN tunnels. Managed by a central web application interface and database, all networks can establish secure site-to-site IPSec VPN connections despite such complications as dynamic IP addresses, different IPSec implementations, large numbers of tunnels, multiple users, and overall complexity related to IPSec VPN use.
Contributions: Assisted in initial design, feature selection, and alpha/beta testing.
OSVDB
OSVDB was an independent and open source database created by and for the Information Security community. Its goal was to provide accurate, detailed, current, and unbiased technical information.
Contributions: Vulnerability research in a "Data Mangler" role included detailed analysis and documentation of vulnerabilities, using the OSVDB interface to provide the data in a format consistent with the existing database, and submitting vulnerability records for inclusion in the production database.
Post-Slack
Post-Slack is a post-install system configuration and hardening script-set and supporting pre-packaged software designed to take a stock Slackware installation and customize, secure, and configure various aspects of the system in an automated fashion.
Security for Receptionists
365 (or more) comprehensive security related questions appropriate for interviewing applicants for a receptionist position, or simply to keep your current receptionist staff sharp by asking them a question-a-day.
This project is ongoing. If you have suggestions for questions to add, please submit them via the Contact form at the bottom of the page!
Sender Policy Framework
SPF (RFC-4408) fights email address forgery and makes it easier to identify spam, worms, and viruses. Domain owners first identify mail servers in DNS that are authorized to send messages from their domain. SMTP receivers of messages from a given domain then verify the envelope sender address against this information and can distinguish legitimate mail from forged mail before any message data (headers or email body) is accepted by the receiving mail server.
Contributions: Participated in the SPF project’s email list providing security-focused feedback and design contributions.
Spamhole
Spamhole is a “honeypot" (fake) open SMTP relay, intended to stop (some) spam by convincing spammers that it is delivering spam messages for them, when in fact it is not.
