rvdh Hacking & Security

If you received this document on paper, you may want to look at the most up-to-date version of this document, located at: http://lightconsulting.com/~thalakan/resume.html.

To use my abilities to help individuals and organizations to communicate without boundaries, and without borders. To help provide reliable and trustworthy communications systems by building security and robustness into the things I touch. It is my goal to provide secure, ubiquitous access to communications technology for all.

To apply best principles to the deployment and management of networks, and to assist the system and network administrator communities to develop the zero-administration environment we all want. To use my skills to leave the networks I touch smarter, faster, and easier to understand than when I started working with them. To release one truly great network infrastructure software component to the Internet networking community. Experience 2003-Present HSQ, Inc. Hayward, CA Technical Consultant Wrote the Win32 version of the MISER watchdog application supervision component. Designed and implemented a fully redundant Cisco based network core and associated management infrastructure for the light rail system being built at Hiawatha, MN. TTFC was 21 days, and TTS was 26 days. Ported the MISER ODBC bridge to the Win32 SCM ("service") API and other "native" APIs to satisfy reliability and customer ease-of-use requirements. Built graph algorithm libraries and tools to provide MISER with knowledge of system point topology and interconnections. Currently porting 100 kSLOC of industrial controller code to Windows CE. 2002-Present Protectix, Inc. Santa Clara, CA Technical Consultant Performed remote forensic analysis of compromised Windows servers and acted as liason between customers and Federal law enforcement. Performed on-site policy re-engineering consulting with customers. 2001-Present Open Source Telecom Sunnyvale, CA Technical Consultant Re-engineered server shipping process, saving approximately 1 day of engineering time per server and significantly increasing average margin per server. Wrote custom IVR systems using a combination of Perl and ccscript on the GNU Bayonne platform. Responsible for factoring out common code segments into re-usable libraries. Reduced average time to feature complete from weeks to days. Wrote Caller ID and port bridging drivers for Bayonne's Voicetronix driver. Worked with Voicetronix to resolve several bugs, including hybrid balance codec issues. 1999-Present Fry's Electronics, ISP Department San Jose, CA Technical Consultant Designed and implemented all the hardware and network infrastructure that runs www.frys.com. Project came in 50% under budget and has been secure for 2+ years. Implemented an 800-port RAS solution with three hardware vendors and open source software. Responsible for installing and maintaining equipment and software to provide dial-up, mail, RADIUS, customer web hosting, and infrastructure services for ISP products. Participated in the development of Freeside, an open-source billing and ISP administration package. Acted as developer liason between the Freeside community and Fry's management to produce patches which met the needs of both groups. Education 2000-Present Ohlone Community College Fremont, CA Completed requirements for Computer Science AS degree. Currently completing requirements for transfer admission to UC Berkeley's EECS program. 4.0 average GPA in major courses; average GPA for Ohlone's AS program is about 3.0. Training includes formal data structures, formal logic, multivariate calculus (with CS applications), linear algebra (with CS applications), and formal abstract analysis. 1999-2000 College of San Mateo San Mateo, CA Attended courses in real estate management for personal investment purposes. Skills Communications I've given several presentations at information security conferences on a wide variety of topics that have come up in the course of my work. I plan to be speaking throughout 2005 at conferences on topics such as SCADA system attack and defense and network visualization. Slides, videos, and abstracts are available upon request. I score in the top 5 percentile on standardized English reading and writing placement tests, and a perfect score on the standardized ASSET writing examination. I regularly catch corner-case errors in MSDN documentation when doing development on Microsoft platforms, and have attended Microsoft gatherings to help improve the overall quality of their documentation. I am a native English speaker with a Northern California accent and a Montessori based developmental language education. Languages > 1000 billed hours: ANSI/ISO C, C++. > 100 billed hours: Java, Perl, UNIX shell scripting (Bourne and csh). > 10 billed hours: DEC FORTRAN, GNU FORTRAN, VMS DCL, Intel assembly (including supervisor instructions and vector instructions), ccscript, autotools, GNU and BSD make. Self-taught: NT command shell scripting, VBScript / JScript windows scripting hosts, C#, COBOL, INTERCAL, AppleScript, elisp, flex, bison, and a few dozen domain-specific languages. Development Environments: Visual C++ 6.0, Visual Studio .NET, GNU toolchain using emacs and vim, Compaq Visual Fortran, VMS toolchain using EDT and DCL based tools. Network Platforms I can bring the following systems into compliance with site security policies: Windows NT (2000, XP), Linux, FreeBSD, OpenBSD, Solaris. I have billed more than 5000 hours on Linux related work, and more than 1000 hours on Windows and FreeBSD related work. I am familiar enough with the code to customize the following packages at the source level or by using vendor-provided plugin APIs: GCC, GTK, Javadoc, ISC BIND, snort, Sendmail, Qmail, Apache, various Windows subsystems, and OpenNMS. Network Protocols / Hardware I've worked with the following packet filtering, monitoring and/or firewalling tools: Linux 2.4 iptables SPF, Linux 2.2 ipchains, BSD ipfw, IPFilter, OpenBSD pf, libpcap, libnet, Ethereal, libnids, Windows NDIS intermediate drivers, Windows NDIS filter drivers, OS X I/O Kit filters, VMS UCX ACLs. I have worked with and/or written protocol libraries for the following platforms: Internet Protocol v4 and v6, Ethernet, the H.323 family of videoconferencing protocols, BGP 4+, EIGRP (Cisco), RIP, DNS, LDAP, SNMP, HTTP, FTP, IP Multicast, Berkeley UNIX sockets, Winsock 2, Linux 2.4 bridging, AX.25 amateur packet, SMB (windows networking), NFS, NTP, the Intel PXE family of network boot tools, bpbatch, NMB (windows networking name services), PPTP, Token ring, various LAN ATM flavors, PPP (+IPCP, CCP, BridgeCP, and other extensions). Titles I regularly compete against other network security groups in contests designed to test the speed, agility, and knowledge of the teams playing. I hold the following titles as a result of these competitions: DefCon 9, Las Vegas, NV: Co-won first place DefCon 10, Las Vegas, NV: First place Interz0ne II, Atlanta, GA: First place Interz0ne III, Atlanta, GA: Second place t00rcon 2003, San Diego, CA: Second place t00rcon 2004, San Diego, CA: Second place Interz0ne IV, Atlanta, GA: First place Other I am the primary build engineer for Paketto Keiretsu. Can type over 100 wpm on both QWERTY and Dvorak keyboards. I participated in the DefCon Capture the Flag competition during DefCon 9 and 10 and assisted the Digital Relevation team in winning first place both years. Wrote several attack and defense tools in C, Perl, Bourne shell, and C# under pressure, with an approximate output of 2 debugged lines of C per minute. My lifetime code output in all languages has been independently estimated to be approximately 150,000 lines as of 2003, with a 1:5 documentation to code ratio. Hold an Technican-class amateur radio license (callsign KF6RGF) and participate in the local emergency services net. I'm maintain a strict policy of continuing self-education in both my personal and business roles. My personal research network (14 nodes located nationally and internationally) has never been been compromised in violation of the security policy by either anonymous or guest "white-hat" hackers. References available on request.

To use my skills to leave the networks I touch smarter, faster, and easier to understand than when I started working with them. To release one truly great network infrastructure software component to the Internet networking community. Experience 2003-Present HSQ, Inc. Hayward, CA Technical Consultant Wrote the Win32 version of the MISER watchdog application supervision component. Designed and implemented a fully redundant Cisco based network core and associated management infrastructure for the light rail system being built at Hiawatha, MN. TTFC was 21 days, and TTS was 26 days. Ported the MISER ODBC bridge to the Win32 SCM ("service") API and other "native" APIs to satisfy reliability and customer ease-of-use requirements. Built graph algorithm libraries and tools to provide MISER with knowledge of system point topology and interconnections. Currently porting 100 kSLOC of industrial controller code to Windows CE. 2002-Present Protectix, Inc. Santa Clara, CA Technical Consultant Performed remote forensic analysis of compromised Windows servers and acted as liason between customers and Federal law enforcement. Performed on-site policy re-engineering consulting with customers. 2001-Present Open Source Telecom Sunnyvale, CA Technical Consultant Re-engineered server shipping process, saving approximately 1 day of engineering time per server and significantly increasing average margin per server. Wrote custom IVR systems using a combination of Perl and ccscript on the GNU Bayonne platform. Responsible for factoring out common code segments into re-usable libraries. Reduced average time to feature complete from weeks to days. Wrote Caller ID and port bridging drivers for Bayonne's Voicetronix driver. Worked with Voicetronix to resolve several bugs, including hybrid balance codec issues. 1999-Present Fry's Electronics, ISP Department San Jose, CA Technical Consultant Designed and implemented all the hardware and network infrastructure that runs www.frys.com. Project came in 50% under budget and has been secure for 2+ years. Implemented an 800-port RAS solution with three hardware vendors and open source software. Responsible for installing and maintaining equipment and software to provide dial-up, mail, RADIUS, customer web hosting, and infrastructure services for ISP products. Participated in the development of Freeside, an open-source billing and ISP administration package. Acted as developer liason between the Freeside community and Fry's management to produce patches which met the needs of both groups. Education 2000-Present Ohlone Community College Fremont, CA Completed requirements for Computer Science AS degree. Currently completing requirements for transfer admission to UC Berkeley's EECS program. 4.0 average GPA in major courses; average GPA for Ohlone's AS program is about 3.0. Training includes formal data structures, formal logic, multivariate calculus (with CS applications), linear algebra (with CS applications), and formal abstract analysis. 1999-2000 College of San Mateo San Mateo, CA Attended courses in real estate management for personal investment purposes. Skills Communications I've given several presentations at information security conferences on a wide variety of topics that have come up in the course of my work. I plan to be speaking throughout 2005 at conferences on topics such as SCADA system attack and defense and network visualization. Slides, videos, and abstracts are available upon request. I score in the top 5 percentile on standardized English reading and writing placement tests, and a perfect score on the standardized ASSET writing examination. I regularly catch corner-case errors in MSDN documentation when doing development on Microsoft platforms, and have attended Microsoft gatherings to help improve the overall quality of their documentation. I am a native English speaker with a Northern California accent and a Montessori based developmental language education. Languages > 1000 billed hours: ANSI/ISO C, C++. > 100 billed hours: Java, Perl, UNIX shell scripting (Bourne and csh). > 10 billed hours: DEC FORTRAN, GNU FORTRAN, VMS DCL, Intel assembly (including supervisor instructions and vector instructions), ccscript, autotools, GNU and BSD make. Self-taught: NT command shell scripting, VBScript / JScript windows scripting hosts, C#, COBOL, INTERCAL, AppleScript, elisp, flex, bison, and a few dozen domain-specific languages. Development Environments: Visual C++ 6.0, Visual Studio .NET, GNU toolchain using emacs and vim, Compaq Visual Fortran, VMS toolchain using EDT and DCL based tools. Network Platforms I can bring the following systems into compliance with site security policies: Windows NT (2000, XP), Linux, FreeBSD, OpenBSD, Solaris. I have billed more than 5000 hours on Linux related work, and more than 1000 hours on Windows and FreeBSD related work. I am familiar enough with the code to customize the following packages at the source level or by using vendor-provided plugin APIs: GCC, GTK, Javadoc, ISC BIND, snort, Sendmail, Qmail, Apache, various Windows subsystems, and OpenNMS. Network Protocols / Hardware I've worked with the following packet filtering, monitoring and/or firewalling tools: Linux 2.4 iptables SPF, Linux 2.2 ipchains, BSD ipfw, IPFilter, OpenBSD pf, libpcap, libnet, Ethereal, libnids, Windows NDIS intermediate drivers, Windows NDIS filter drivers, OS X I/O Kit filters, VMS UCX ACLs. I have worked with and/or written protocol libraries for the following platforms: Internet Protocol v4 and v6, Ethernet, the H.323 family of videoconferencing protocols, BGP 4+, EIGRP (Cisco), RIP, DNS, LDAP, SNMP, HTTP, FTP, IP Multicast, Berkeley UNIX sockets, Winsock 2, Linux 2.4 bridging, AX.25 amateur packet, SMB (windows networking), NFS, NTP, the Intel PXE family of network boot tools, bpbatch, NMB (windows networking name services), PPTP, Token ring, various LAN ATM flavors, PPP (+IPCP, CCP, BridgeCP, and other extensions). Titles I regularly compete against other network security groups in contests designed to test the speed, agility, and knowledge of the teams playing. I hold the following titles as a result of these competitions: DefCon 9, Las Vegas, NV: Co-won first place DefCon 10, Las Vegas, NV: First place Interz0ne II, Atlanta, GA: First place Interz0ne III, Atlanta, GA: Second place t00rcon 2003, San Diego, CA: Second place t00rcon 2004, San Diego, CA: Second place Interz0ne IV, Atlanta, GA: First place Other I am the primary build engineer for Paketto Keiretsu. Can type over 100 wpm on both QWERTY and Dvorak keyboards. I participated in the DefCon Capture the Flag competition during DefCon 9 and 10 and assisted the Digital Relevation team in winning first place both years. Wrote several attack and defense tools in C, Perl, Bourne shell, and C# under pressure, with an approximate output of 2 debugged lines of C per minute. My lifetime code output in all languages has been independently estimated to be approximately 150,000 lines as of 2003, with a 1:5 documentation to code ratio. Hold an Technican-class amateur radio license (callsign KF6RGF) and participate in the local emergency services net. I'm maintain a strict policy of continuing self-education in both my personal and business roles. My personal research network (14 nodes located nationally and internationally) has never been been compromised in violation of the security policy by either anonymous or guest "white-hat" hackers. References available on request.

Leave a Comment