Security Research
With a plethora of experience in Information Security, I’ve written a great deal of content with relevance to many modern (and some older) facets of the tech industry. In an ever evolving world of technology, the need to dive deep and understand the workings behind, and around, the technology become essential.
An Analysis of VoIP Steganography Research Efforts
An analysis of various research efforts within the discipline of steganography dated between 2003 and July 2007, specifically targeted at Voice-over-IP as cover-medium, was peformed. Within each individual effort's analysis, deficiencies in the authors' understanding of the dicipline, their paper's theories, reference implementation or proofs of concept, and/or hurdles to applicability are detailed.
Paper Status: Unreleased
Context-keyed Payload Encoding
A common goal of payload encoders is to evade a third-party detection mechanism which is actively observing the attack traffic somewhere along the route from an attacker to target application, filtering on commonly used payload instructions.
PDF (2020)
Uninformed Journal Vol 9 (2008)
Metasploit Framework Telephony
An important attack vector missing in many penetration testing and attack tools available today is the tried-and-true telephony dialup. With the recent surge in popularity of VoIP connectivity, accessing such attack vectors has become both cheap and easy.
Mnemonic Password
Formulas
The information technology landscape is cluttered with large numbers of information systems, many of which have their own individual authentication systems. Even with single-sign-on and multi-system authentication mechanisms, systems within disparate authentication domains are likely to be accessed by users of various levels of involvement with the landscape as a whole.
Real-time Steganography with RTP
Real-time Transfer Protocol (RTP) is used almost ubiquitously by Voice over IP technologies to provide an audio channel for calls. As such, it provides ample opportunity for creation of a covert communications channel due to it's very nature and use in implementation.
