talks_etc

List of some talks I've done and other "merit badges."

Local talk about pentesting methodology in the cloud:

• https://www.eventbrite.com/e/february-meetup-red-team-and-public-cloud-tickets-253443816277?aff=ebdssbdestsearch

WebAuthN talk I gave at BSidesKC in 2021

• https://www.youtube.com/watch?v=YNZrPsqv6pY&list=PLWPSNJXUawziUocg80-ms0SlfMhoRyG0L&index=3

Blog from a unique red team phishing engagement. Skewed a little towards a blue team successes, but still feels good to have your work be blogworthy

• https://eng.sigmacomputing.com/hack-your-company-before-someone-else-does-58d1acc42df2

Ran an application security training class at BSidesKC 2021.

Ran an application security training class at KernelCon 2020 and 2021.

Assorted blog posts I have made. The one about reverse engineering an ATM skimmer I found was especially popular.

• https://trustfoundry.net/author/matt/

2018 local talk I presented about QubesOS

• https://www.youtube.com/watch?v=sbN5Bz3v-uA

Tool I developed for Blackhat Arsenal 2017. Simple premise and design, but the tool is actually pretty popular.

• https://blackhat.com/us-17/arsenal/schedule/#honeypi-7604

Tool I helped develop for Blackhat Arsenal 2015. The idea was decent, but the tool is a huge memory hog.

• https://www.blackhat.com/us-15/arsenal.html#burp-hash

Couple of small potatoes CVEs that aren't worth bragging about:

• CVE-2017-17698 : Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec
• CVE-2016-9274 : Vulnerability Discovered in Git Bash for Windows

Certs:

• Offensive Security Certified Professional (OSCP) : Issued Oct 2018
• AWS Certified Security – Specialty : Issued Apr 2021
• CREST Practitioner Security Analyst (CPSA) : Issued Feb 2020
• CREST Registered Penetration Tester : Issued Feb 2020