Profile cover photo
Profile photo
Tim Ehrhart
87 followers -
[Network|Computer|Cyber|Buzzword of the day] security dude
[Network|Computer|Cyber|Buzzword of the day] security dude

87 followers
About
Tim's interests
View all
Tim's posts

Post has attachment
Intercepting SSL and more with WPAD
This morning I read Sniffing HTTPS URLS with malicious PAC files   by Alex Chapman and Paul Stone. It's an excellent summary of a key problem with PAC files, mainly that its a JavaScript file delivered by HTTP with well-known techniques to push to unsuspect...

Post has attachment
After reading a nice write-up by contextis.com on using WPAD and PAC files to collect SSL URLs, I'm releasing a tool I previously wrote for this exact attack and more.

Post has attachment
Intercepting SSL and more with WPAD
This morning I read Sniffing HTTPS URLS with malicious PAC files   by Alex Chapman and Paul Stone. It's an excellent summary of a key problem with PAC files, mainly that its a JavaScript file delivered by HTTP with well-known techniques to push to unsuspect...

Post has attachment
"Topic Modeling FOIA Data" http://www.harvest.ai/blog/2015/10/12/topicmodelingfoiadata #security #feedly

Neat application of machine learning. 

Post has attachment
Detecting Surreptitious Drive Access
Many years ago someone told me that there was no way to detect the surreptitious imaging of a hard drive. This idea is reinforced in forensics classes that remind you to use a write-blocker during imaging to guarantee that nothing is changed on the drive. I...

Post has attachment
An artist who understands me
Photo

Post has attachment
Our shrine to Android. I don't think anyone's going to ask my team to do ice sculptures at weddings or parties...
Photo

Post has attachment
Efficient use of packaging. One box for one cable. 
Photo

Post has attachment

Post has attachment
Let's play "guess what that sign means". I suggest: Don't walk or ride here, or else the gate will beat you down. 
Photo
Wait while more posts are being loaded