Adam Pridgen
[email protected]
website: thecoverofnight.com
Engineering Background, Honorably Discharged Veteran, CISSP, CEH
Overview
Proficient information security dude looking for reverse engineering gigs; performs security assessments, software penetration testing (remote or local), and security tool development, and is looking for opportunities to improve organizational security.
Qualifications
Programming: C/C++, Java, Python, Ruby (Basic), Assembly
Tools: Web Proxies, Immunity Debugger/GDB, Python & iPython, SysInternals Suite, Wireshark, IDA Pro & IDA Python, various tools from the Collaborative RCE Tool Library
Operating Systems: Linux, Windows (NT, 2000, XP), Mac OS X, VMware (GUI & CLI)
Familiarity with Common Enterprise Network Protocols & TCP/IP
Familiar with Mac OSX, Linux and Windows Kernel and Userland Development Environments
Regularly Contributing Software and Knowledge to the Information Security Community
Proficient Oral and Written Engineering and Technical Communication
Professional Certifications
Certified Information Systems Security Professional (CISSP),
Certified Ethical Hacker (CEH)
Education
B.S. in Electrical and Computer Engineering, University of Texas at Austin
M.S. in Engineering, University of Texas at Austin
Released Software Contributions
Links to code provided on request
2009, Scapy: Developed some basic layers and scanning tools
2009, DNS Resolver: Multi-threaded IP to DNS Scanner/Resolver using Socks5/Tor or host
2008, Nessconnect Arch. Support: Created a 64-bit compatible Nessconnect Bundle
2008, Peekviewstate: Reverse Engineered MS LOS Format and created .Net 2.0 Viewstate Parser
2008, SkypeShell: Skype Chat Command and Control written using Skype4Python Framework
2008, NetBios Collector: Python Script that uses several common tools to aggregate NetBios Info.
2008, NessconnectDMP: Nessus XML Parser that allows for analysis in a console environment
2007, VMware Python VIX Bindings: Updated the Python bindings for VMware's VIX API
2006, Firefox TamperData Parser Exporter: Exports TamperData info from a session file
2006, Fiddler Session Parser: Exports Fiddler info from a session file
2006-7, SMASH: Basic Python Mobile Agent Platform built with security in mind
2005, JadeCoin: Simulated Covert Communication Protocol in IEEE 802.11 Networks.
Unreleased or Academic Software
Code is lost in one way or another.
Spr. 2007, Sniper: Developed basic block comparison for signatures in the Pai-Mei framework
Spr. 2006, Data Mining: Implemented digital evidence gathering using data mining algorithms
Fall 2005, Advanced Information Security: Implemented ShellShock, a shellcode emulator
Fall 2005, Algorithms: Implemented ticketing, graph/node analysis, and record sorting software
Spr. 2005, DSP Lab: QAM/PAM transmitters and receivers on the TMS320C6000 VLIW DSP
Spr. 2004, Embedded Software: Implemented servo controls and digital measurement
Web Articles
OpenRCE Web Post: Article about which tools to use and how to dump a process
AHA Web Posts: Article about completing the ShmooCon ’07 Contest
Presentations
Mar 2009, UT Software Engineering Society, "Introduction to Software Security and Threat Modeling"
Nov 2008, Various, “Reverse Engineering ASP .Net 2.0 ViewState”
Jun 2008, BayouSec, “Reverse Engineering Software with Basic Protections”
Apr 2008, ISSA/ISACA: Presented on Securing VMWare Virtualization Environments
Feb 2008, InfraGard: Presented on Software Security and Threat Modeling
Apr 2003, ISSA/ISACA: "Introduction to Honeynet Technology"
© 2009 Adam Pridgen
Publications
1. G. Chamales and A. Pridgen, "The Success of the UT IEEE Communications Society," in Proceedings of the 8th Colloquium for Information Systems Security Education, West Point, NY, June 2004.
2. S. Kabadayi, A. Pridgen, and C. Julien, "Virtual Sensors: Abstracting Data from Physical Sensors," in Proceedings of the 4th International Workshop on Mobile Distributed Computing (MDC'2006), co-located with WoWMoM'06, Buffalo, NY, June 2006, pp. 587–592.
3. A. Pridgen and C. Julien, "A Secure Modular Mobile Agent System," in Proceedings of the 5th International Workshop on Software Engineering for Large-Scale Multi-Agent Systems (SELMAS'2006), co-located with ICSE'06, Shanghai, China, May 2006, pp. 67–74.
Professional Experience
The Cover of Night, LLC
Security Researcher & Consultant
June 2008 - present
Perform internal, external, and application penetration testing on a variety of targets. Develop custom
code and scripts to perform data analysis to enhance the vulnerability assessment process. Perform
software reverse engineering to determine the target's functionality, purpose, and other capabilities of
the software in question. Research and develop new and innovative capabilities for security tools.
Foundstone, a Division of McAfee
Software Security Consultant
Texas
June 2007 - June 2008
Performed internal, external, and application penetration testing on a variety of targets. Participated
in threat modeling workshops and code reviews, which focused on identifying software design flaws
and bugs in business logic as well as in architecture and configurations. Produced code that added
additional functionality to exploits, such as the MS07-017 kernel escalation of privileges. Presented
on topics such as threat modeling and virtualization in the enterprise network. Assisted with course
content development and teaching in Foundstone’s classes.
University of Texas at Austin
Graduate Research Assistant
Austin, Texas
Fall 2006 - Spring 2007
Designed and implemented a mobile agent system focused on security and integrity of the platform
and agents using primarily Python and a Trusted Platform Module. The actual implementation was
scaled back to accommodate a development schedule. Supervised an undergraduate as she developed
supporting application utilities. Also administered lab Linux machines and the main server.
Department of Defense
Research Engineer
Fort Meade, MD
Summer 2006
Developed data preprocessing techniques using a previously developed research API. Documented the
research API with concrete examples and functional descriptions learned while developing the data
processing techniques. Developed C/C++ on Unix and Win32 platforms.
Applied Research Labs
Student Java Programmer
Austin, TX
Summer 2005
Integrated a database into existing network auditing software. Performance was enhanced by storing
copies of known and common domain name records locally. Modifications also extended user interfacing
functions, providing on-demand network name look-ups using either the database or DNS.
University of Texas - ITS
Student Network Analyst
Austin, TX
Spring 2005
Evaluated network intrusion prevention systems for deployment in the core network of the UT System.
The system would be used to offer services to clients of UT System Network Services, so network
architecture was also evaluated to enhance the effectiveness of the system and segregate traffic eligible
for the service. Performed basic router and switch.
21st Century Technologies
Computer Security Analyst
Austin, TX
Summer 2004
Researched and developed threat patterns for a Graph Matching Intrusion Detection System. Tested
the patterns on a network consisting of physical and virtual hosts using the Linux and Windows
Platforms. Assisted with the development of security related project proposals.
Simpler-Webb, Inc.
Security Engineer
Austin, TX
May 2003 - March 2004
Monitored computer networks for suspicious and malicious activity. Conducted analysis on various
malware and developed custom signatures to detect the malware. Configured and performed regular maintenance on host and network intrusion detection systems and signatures. Configured Cisco
security solutions and networking equipment to meet client needs.
United States Army
Infantry Soldier
Enlisted: San Antonio, TX
May 1998 - Oct 2000
Performed field operations for combat readiness. Cleaned and maintained gear. Mentored and taught
junior soldiers the necessary skills, tactics, and techniques for combat maneuvering. Developed a
strong sense of motivation and discipline for meeting individual and team objectives.
Academic Experience
Developed a Self-Study Reverse Engineering Curriculum
Spring 2007
Developed a self-study academic and lab course focused on the fundamentals of reverse engineering.
The course centered around applications of software reverse engineering, and explored legal issues,
techniques, methodologies, environments, and processes for reverse engineering software. The text
book chosen for the course was Reversing: Secrets of Software Reverse Engineering.
Signature Support for Pai-Mei Framework
Spring 2007
Attempted to implement signature support functions to allow for commenting based on identified
attributes of analyzed code in the Pai-Mei pida format. This project utilized key Python features and
the pgraph classes to zoom in and out on interesting features and match against attributes found in
one or more Pai-Mei pida objects. Code was lost to disk corruption.
Applying Data Mining to Digital Forensics
Spring 2006
As part of a team, we evaluated the effectiveness of applying data mining to the initial evidence
collection of a compromised host. We focused mainly on gathering text from files contained on the
host, and we obtained nominal results. We emphasized identifying all text files, even those
obscured by renaming, and then processing the text for known malicious terms and hacking tool names
in the identified files. Code and report were lost to disk corruption.
ShellShock Assembly Code Simulator
Fall 2005
Assisted in the development of a shellcode analyzer for malware targeting Windows hosts. The
system takes a sandbox approach using a customized Qemu VM that imitates a Windows host.
The VM contains only references to key Windows system libraries, and as these libraries are called,
a high-level description of the actions is output to a log file.
Covert Communication in WLANs
Summer 2005
Designed and developed a novel communication method based on packet corruptions in legitimate
users' communications. The protocol uses a covert sender that encodes data to form a jamming pattern,
appends a header and tail to the message, then performs the specified jamming pattern based on a
contention window and a jamming window. The covert receiver listens and records data based on the
contention and jamming window. The receiver identifies the header and tail using auto-correlation,
then decodes the message based on an agreed-upon encoding scheme.
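The sender/receiver exchange described above, reduced to a slot-level simulation. This is an added illustration written for this page, not the JadeCoin code or the author's protocol: the contention and jamming window timing is abstracted into fixed slots, the sender "jams" one legitimate frame per 1 slot, the receiver sees only a per-slot corrupted/clean flag, and the HEADER and TAIL sync words are made-up choices rather than the sequences the original work used.

```python
"""Toy jamming-pattern covert channel: encode, frame with header/tail, detect by
correlation, decode. Constructed example, not the JadeCoin implementation."""
from __future__ import annotations
import random

HEADER = [1, 1, 1, 0, 0, 1, 0]  # assumed 7-slot sync word (Barker-like)
TAIL = [0, 1, 0, 1, 1, 0, 0]    # assumed 7-slot end marker


def encode_payload(data: bytes) -> list[int]:
    """One covert bit per slot, MSB first: 1 = jam this slot, 0 = stay quiet."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def build_jamming_pattern(data: bytes) -> list[int]:
    """Covert sender: header, encoded message, tail (the agreed-upon framing)."""
    return HEADER + encode_payload(data) + TAIL


def channel(pattern, noise_prob, rng, lead_slots=0, trail_slots=0):
    """Receiver's view: per-slot corruption flags. Jammed slots always show as
    corrupted; any slot may also be corrupted by unrelated interference."""
    def background():
        return 1 if rng.random() < noise_prob else 0
    observed = [background() for _ in range(lead_slots)]
    observed += [1 if (s or background()) else 0 for s in pattern]
    observed += [background() for _ in range(trail_slots)]
    return observed


def correlate(observed, marker):
    """Sliding correlation of observed slots against a marker, with bits mapped
    to +1/-1 so a perfect match scores len(marker) and each mismatch costs 2."""
    m = [1 if b else -1 for b in marker]
    return [sum(m[j] * (1 if observed[i + j] else -1) for j in range(len(marker)))
            for i in range(len(observed) - len(marker) + 1)]


def find_marker(observed, marker, start=0, max_mismatch=1):
    """Return (index, score) of the best marker match at or after `start`, or
    (None, None) if no window is within `max_mismatch` bit errors."""
    scores = correlate(observed[start:], marker)
    if not scores:
        return None, None
    best = max(range(len(scores)), key=scores.__getitem__)  # first best wins
    if scores[best] < len(marker) - 2 * max_mismatch:
        return None, None
    return start + best, scores[best]


def decode_message(observed):
    """Covert receiver: locate header and tail by correlation, then unpack the
    slots between them as bytes. Returns None if framing cannot be recovered."""
    h_pos, _ = find_marker(observed, HEADER)
    if h_pos is None:
        return None
    body_start = h_pos + len(HEADER)
    t_pos, _ = find_marker(observed, TAIL, start=body_start)
    if t_pos is None:
        return None
    bits = observed[body_start:t_pos]
    if len(bits) % 8:
        return None
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def roundtrip(data, noise_prob=0.0, seed=0, lead_slots=10, trail_slots=10):
    """Send `data` through the simulated channel and return what the receiver
    decodes (None if framing is lost)."""
    rng = random.Random(seed)
    observed = channel(build_jamming_pattern(data), noise_prob, rng, lead_slots, trail_slots)
    return decode_message(observed)


if __name__ == "__main__":
    print("clean channel:", roundtrip(b"hi"))
    print("noisy channel:", roundtrip(b"hi", noise_prob=0.05, seed=1))  # may be garbled or None
```

Two limitations worth noting, since they are where a real design earns its keep: there is no bit-stuffing, so a payload that happens to contain the TAIL sequence (for example a byte with bit pattern 0010 1100) is mis-framed, and background corruption can only turn a quiet slot into a "jammed" one, so noise biases decoding toward 1 bits rather than flipping symmetrically.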
IPv6 Deployment
March 2004 - February 2005
Coordinated the deployment of IPv6 on Internet2. Worked very closely with UT System to install
hardware and configure the network. Led a team of volunteers to pull and terminate cable for our
project. Deployed several hosts onto the IPv6 network for experimentation and point of presence.
Sebek Testing
Fall 2003
Tested the Sebek software port for Windows 2000 and XP. Sebek is the keystroke logging component
found on honeypots. This software is used to capture keystrokes from the host machine. Our group
identified a hole in the software that would allow an intruder to circumvent the keystroke logging
process on this port before Sebek's public release.