Presentations

No Single Answer: Balancing Cybersecurity Insurance and a Strong Security Program
Smart City Security: The Real-World Risks & Challenges
Hide Yo' Kids: Hacking Your Family's Connected Things
The Hand That Rocks The Cradle: Hacking IoT Baby Monitors
Information Security Reconciliation: The Scene and The Profession
Cloud Security: There's a Storm Coming
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right
Security for the People: End-User Authentication Security on the Internet
How We're Failing to Secure the "Internet of Things"
The Internet of Things: We've Got to Chat
Eyes on IZON: Surveilling IP Camera Security
Two-Factor Authentication: A Primer
A Career in Information Security as Described by Animated GIFs
Securing the Stack: Hardening Your Drupal Deployment
How I Became an iOS Developer for Fun and Debt
So You Want to Hire a Penetration Tester?: 10 Tips for Success
Keeping the Cloud Promise: Infrastructure Agility with a DevOps Toolchain
Core Linux Security: 0-Day Isn't Everything
"It's Just a Web Site": How Poor Web Programming is Ruining Information Security
Cloud Disaster Recovery: Leveraging Cloud Computing for Cheap Hot Sites
Cloud Computing: Let's Clear the Air
Development Operations: Take Back Your Infrastructure
Being a Puppet Master: Automating Amazon EC2 with Puppet & Friends
It's Vulnerable... Now What?: Three Tales of Woe and Remediation
What's a Linux?: Creating & Teaching College Courses at 24
Get Smart[y]: The Smarty Template Engine for PHP
Miscellaneous

Vulnerabilities

Fisher-Price Smart Toy®
CVE-2015-8269 - Improper Authentication Handling

hereO GPS Platform
CERT VU#213384 - Authorization Bypass

iBaby M6
CVE-2015-2886 - Predictable Information Leak

iBaby M3S
CVE-2015-2887 - Backdoor Credentials

Philips In.Sight B120/37
CVE-2015-2882 - Backdoor Credentials
CVE-2015-2883 - Reflective, Stored XSS
CVE-2015-2884 - Direct Browsing

Summer Baby Zoom Wifi Monitor & Internet Viewing System
CVE-2015-2888 - Authentication Bypass
CVE-2015-2889 - Privilege Escalation

Lens Peek-a-View
CVE-2015-2885 - Backdoor Credentials

Gynoii
CVE-2015-2881 - Backdoor Credentials

TRENDnet WiFi Baby Cam TV-IP743SIC
CVE-2015-2880 - Backdoor Credentials

Stem Innovation IZON
CVE-2013-6236 - Hard-coded Credentials

portable-phpMyAdmin WordPress Plugin
CVE-2012-5469 - Authentication Bypass

Hotel Booking Portal
CVE-2012-1672 - SQL Injection

e-ticketing
CVE-2012-1673 - SQL Injection

phpPaleo
CVE-2012-1671 - Local File Inclusion

PHP Grade Book
CVE-2012-1670 - Unauthenticated SQL Database Export

phpMoneyBooks
CVE-2012-1669 - Local File Inclusion

Andy's PHP Knowledgebase
CVE-2011-1546 - SQL Injection Vulnerability

Quick Polls
CVE-2011-1099 - Local File Inclusion & Deletion Vulnerabilities

Seo Panel
CVE-2010-4331 - Cookie-Rendered Persistent XSS Vulnerability

Pointter PHP Micro-Blogging Social Network
CVE-2010-4333 - Unauthorized Privilege Escalation

Pointter PHP Content Management System
CVE-2010-4332 - Unauthorized Privilege Escalation

Pulse CMS Basic
CVE-2010-4330 - Local File Inclusion Vulnerability

Orbis CMS
CVE-2010-4313 - Arbitrary Script Execution Vulnerability

Free Simple Software
CVE-2010-4298 - SQL Injection Vulnerability

WSN Links
CVE-2010-4006 - SQL Injection Vulnerability

Press Coverage

Research Coverage

Fisher-Price Smart Toy® & hereO GPS Platform
Internet-Connected Baby Monitors
Stem Innovation IZON Camera

Press Quotes

Interviews

Publications

Books

Webinars

White Papers

Blog Posts

Contributed
Rapid7
Duo Security
NetWorks Group
MNX Solutions

Graduate Research

Technical Documentation

Teaching

Eastern Michigan University

NITA 212: Open Source Platform and Network Administration - Fall 2009; Winter 2010
Labs: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Slides: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11

NITA 412: Linux Security Administration - Winter 2010; Fall 2010; 2x Winter 2011
Labs: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Slides: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

ITT Technical Institute

IT 250: Linux Operating System - Fall 2009