DEF CON 21: John Ortiz Reveals Quick & Easy Forensics with Simple Stats & Tools 🔍
Discover how computer engineer John Ortiz from Crucial Security shares fast, effective forensic techniques using straightforward statistics and innovative tools to detect malicious code attacks. Perfect for security professionals seeking practical insight

DEFCONConference
3.6K views • Dec 22, 2013

About this video
Fast Forensics Using Simple Statistics and Cool Tools
JOHN ORTIZ COMPUTER ENGINEER, CRUCIAL SECURITY/HARRIS
Ever been attacked by malicious code leaving unknown files all over your computer? Trying to figure out if a file is encrypted or just compressed? Is the file really something else? Is there hidden data? Are you short on time? This talk leads you through file identification and analysis using some custom FREE tools that apply statistics and visualization to answer these questions and more. You can often identify files by their statistical picture, and I am going to show you how.
We can find some hidden data (steganalysis), easily determine if an executable file is packed or obfuscated, find appended data, figure out if the file is really what it purports to be, and even aid in reversing XOR encryption. The final proof-of-concept program allows you to statistically identify (i.e. no magic numbers or header information used) some file types autonomously for an entire hard drive. The Windows-based tools (mostly math, so adaptable to Linux) and source code are free!
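The abstract describes triaging unknown files from their "statistical picture" rather than from magic numbers. The script below is an added illustration of that approach and is not one of the talk's own tools: it builds a byte histogram, derives Shannon entropy and a chi-square distance from a flat distribution, walks a file with a sliding entropy window to locate an appended high-entropy blob, and recovers a single-byte XOR key from the histogram alone. All sample inputs are constructed inline (a repeated English sentence, a SHA-256 counter stream standing in for ciphertext, zlib output standing in for compressed data), and the entropy cut-offs (6.0 and 6.5 bits per byte) are illustrative assumptions, not values taken from the presentation.

```python
import hashlib
import math
import zlib
from typing import List, Optional


def byte_histogram(data: bytes) -> List[int]:
    """Count of each byte value 0..255: the raw 'statistical picture' of a file."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return counts


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0: roughly 4-5 for English text, close to 8 for
    ciphertext and for well-compressed data."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in byte_histogram(data) if c)


def chi_square_uniform(data: bytes) -> float:
    """Chi-square distance from a flat byte distribution. Stream-cipher output
    sits near 255 (the degrees of freedom); structured data scores far higher."""
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in byte_histogram(data))


def triage(data: bytes) -> str:
    """Coarse label from entropy alone. The 6.0 cut-off is an illustrative
    assumption for this example, not a threshold from the talk."""
    return "random-looking" if shannon_entropy(data) >= 6.0 else "plaintext/structured"


def find_high_entropy_offset(data: bytes, window: int = 512,
                             threshold: float = 6.5) -> Optional[int]:
    """Sliding-window entropy: return the first offset whose window looks random.
    On a mostly-plaintext file this locates an appended encrypted/compressed blob."""
    for off in range(0, len(data) - window + 1, window):
        if shannon_entropy(data[off:off + window]) > threshold:
            return off
    return None


def recover_single_byte_xor_key(ciphertext: bytes, expected_top_byte: int = 0x20) -> int:
    """Single-byte XOR only relabels histogram bins, so the most frequent
    ciphertext byte maps to the most frequent plaintext byte (a space, for
    English text). XORing the two yields the key."""
    hist = byte_histogram(ciphertext)
    top = max(range(256), key=hist.__getitem__)
    return top ^ expected_top_byte


# --- constructed sample inputs (not real forensic artefacts) -------------------
def deterministic_random(n: int) -> bytes:
    """SHA-256 in counter mode: reproducible bytes that are statistically uniform."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])


SENTENCE = b"the quick brown fox jumps over the lazy dog while the analyst counts bytes "
TEXT = (SENTENCE * 100)[:3072]                # 3072 bytes of English-like plaintext
CIPHER = deterministic_random(4096)           # stand-in for encrypted data
COMPRESSED = zlib.compress(TEXT, 9)           # stand-in for compressed data
APPENDED = TEXT + deterministic_random(512)   # plaintext with a hidden blob appended
XORED = bytes(b ^ 0x5A for b in TEXT)         # "encrypted" with single-byte XOR key 0x5A


if __name__ == "__main__":
    for name, blob in [("text", TEXT), ("cipher", CIPHER),
                       ("compressed", COMPRESSED), ("xored", XORED)]:
        print(f"{name:10s} H={shannon_entropy(blob):.2f} "
              f"chi2={chi_square_uniform(blob):9.1f} -> {triage(blob)}")
    print("appended blob starts at offset", find_high_entropy_offset(APPENDED))
    print("recovered XOR key 0x%02x" % recover_single_byte_xor_key(XORED))
```

Two points the output makes concrete: single-byte XOR leaves the entropy of the plaintext unchanged, so an entropy check alone does not flag it as encrypted, while the histogram shape still gives the key away; and a genuinely uniform stream lands near a chi-square of 255, which is the kind of distance-from-uniform measure that separates ciphertext from merely compressed or structured bytes when entropy alone is close to 8 for both.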
John Ortiz is currently a senior computer engineering consultant for Harris/Crucial Security Inc. working as a reverse exploit engineer. In this position, he develops and analyzes vulnerabilities and exploits for various software. Prior to working at Crucial, he spent 5 years at SRA International and 5 years at General Dynamics developing various defense-related software, researching data hiding techniques, and analyzing malware.
In a second role, Mr. Ortiz developed and teaches a Steganography course for the University of Texas at San Antonio (UTSA). It covers a broad spectrum of data hiding techniques in both the spatial and transform domains including least significant bit, discrete cosine transform, echo hiding, hiding in executables, and hiding in network protocols. For the course, Mr. Ortiz developed several steganographic programs for testing and analysis.
Mr. Ortiz holds two master's degrees from the Air Force Institute of Technology, one in Electrical Engineering and one in Computer Engineering and a BSEE from Rose-Hulman Institute of Technology.
My email address (stego@satx.rr.com) is available for public dissemination. I do not have Twitter or Facebook.
Materials:
https://www.defcon.org/images/defcon-21/dc-21-presentations/Ortiz/DEFCON-21-Ortiz-Fast-Forensics-Using-Simple-Statistics-and-Cool-Tools.pdf
https://www.defcon.org/images/defcon-21/dc-21-presentations/Ortiz/Extras.zip
Video Information
Views
3.6K
Likes
33
Duration
45:13
Published
Dec 22, 2013
User Reviews
4.2
(3)