Fotis Hantzis aka ithilgore
http://sock-raw.org
ithilgore.ryu.L@gmail.com

I am a computer programmer and researcher mainly interested in OS network stack implementations, kernel internals, security and network protocol vulnerabilities. I am also an avid supporter of Open Source software and a developer at the Nmap project. As of late, I have developed a strong interest in the fields of applied computer vision & image processing as well as other converging aspects of computer science.

Publications
=============
http://sock-raw.org/papers.html

* Exploiting TCP and the Persist Timer Infiniteness:
---------------------------------------------------
Exploitation of the TCP Persist Timer mechanism to extend and enhance old DoS techniques. Analysis of the TCP Persist Timer/Linux 2.6.18 implementation and demonstration of Nkiller2, a tool meant to show different combinations of network techniques: statelessness, client SYN cookies, TCP Timestamp time-keeping and TCP Persist Timer exploitation.
Published at Phrack #66: http://phrack.org/issues.html?issue=66&id=9#article

* Abusing Network Protocols:
---------------------------
Invented a new stealthy port-scanning attack by abusing the popular XMPP. Presented at the AthCon security conference.
http://sock-raw.org/papers/abusing_network_protocols
http://sock-raw.org/papers/anp_presentation.pdf

* SOCK_RAW Demystified:
----------------------
Thorough analysis of the raw socket mechanism on the Linux 2.6 and FreeBSD 7.0 network stacks. It explains what happens behind the scenes when creating, delivering and receiving raw socket datagrams and delves into the network internals of both contemporary kernels.
http://sock-raw.org/papers/sock_raw

* Hacking the OpenSSH library for Ncrack:
---------------------------------------
Analysis of the process of building an OpenSSH-based library for Ncrack's SSH module.
* Locating Stateless Firewalls:
------------------------------
Stateless firewall detection and exploitation due to misconfigurations and RFC ambiguities.
http://sock-raw.org/papers/firewalls

* Coding a Syn Scanner:
----------------------
Step-by-step analysis of developing a minimalistic and simple SYN port scanner.
http://sock-raw.org/papers/syn_scanner

* Hacking Bash History:
----------------------
Discussion of using .bash_history as a monitoring and logging facility and why it should be avoided. A Bash source code modification for syslog interfacing is also demonstrated.
http://sock-raw.org/papers/bash_history

* SOCK_RAW: http://sock-raw.org
------------------------------
Personal website hosting some of my ideas, tools and papers I have written.

Projects
=========
* I have worked for the Nmap project twice as a Google Summer of Code student (2009 & 2010), developing from scratch a high-speed network authentication cracker going by the name of Ncrack.
http://seclists.org/nmap-dev/2009/q2/0238.html
http://ncrack.org

* My website includes a list of some of my uploaded personal projects. Some of them and others:
- Nkiller2: an extension of Nkiller, meant to demonstrate various techniques and the exploitation of the TCP Persist Timer (its source code is included in the "Exploiting TCP and the Persist Timer Infiniteness" paper that was published at Phrack #66).
- Implemented an auto-defragmentation strategy for the Minix3 filesystem.
- TAP: Tcpdump Analysing Parser
- pknf: a simple port-knocking loadable kernel module for Linux
- Creeper: a minimalistic SYN port scanner for educational purposes, working as a demonstration tool for the paper "Coding a Syn Scanner"
- PFFS: pseudo-flat file system, a simple virtual file system which sits on top of an existing one
- Pacman: a Java implementation of the famous Pacman game
- HTML-parse: a simple parser for a small part of HTML, written in Flex/Bison
- A multi-threaded mail server/client

* I have been listed by Fyodor as one of the top Nmap contributors in his Defcon 2008 presentation.

* Long-term study of RFCs and implementations, either in network stacks or in userspace software, of many networking protocols (IP, ICMP, TCP, UDP, IGMP, ARP, RARP, HTTP, DNS, SOCKS, RIP, BitTorrent etc.) to see how they work behind the scenes and research possible vulnerabilities that exist in the protocols themselves.

* A proof-of-concept distributed Intrusion Detection System for detecting distributed SSH attacks.

Skills
=======

Programming languages
----------------------
* I am most proficient and experienced with ANSI C, which has been my language of choice for many years of practice and development.
* I have experience with C++, Java, and x86 assembly (gas, nasm).
* My scripting language of choice is Perl; I am competent with Bash, and I also have beginner's-level experience with Lua.
* Other languages that I have come across through my studies include functional/logic programming with Prolog and Common Lisp as well as simple web site building stuff (HTML, JavaScript and PHP).
* Programming experience includes a strong grasp of BSD sockets and packet crafting/parsing (libdnet, pcap etc.) in general.

Operating Systems
------------------
* My Operating System of choice is and always has been GNU/Linux, having many years of experience with it. I administer several machines providing web, firewall and other services.
Nearly all of my personal, academic and other projects are developed on a GNU/Linux system. I have also studied a large portion of its contemporary network stack, including the IP, TCP and raw socket layers, and have gained experience with some other kernel subsystems and loadable module writing.
* I also have some experience with OpenBSD and FreeBSD, having studied part of their network stacks.
* Windows experience and administration includes Server Editions (2003) among others.
* Have tinkered with Minix3 and some of its subsystems.

Other Technologies
-------------------
* I am very familiar with network debugging tools like Nmap, tcpdump, wireshark, traceroute, paratrace, hping, tcpreplay, socat, nc and others.
* I have a very good knowledge of gdb usage and of debugging C in particular.
* I am really interested in studying and analysing exploitation techniques like stack overflows, heap corruptions, MITM attacks, blind spoofing, rootkit hiding techniques like VFS layer redirection, shellcode writing and others, and I am familiar with ways to both prevent and leverage them.
* I have some experience with databases (mainly due to university courses) and in particular MySQL.

Education
==========
* 2005: Graduated from High School with a grade of 19.6/20
* 2005 - today: undergraduate student at the Computer Engineering and Informatics Department (CEID) - University of Patras, Greece

Work Experience
================
* 2005 - 2010: Administrator of more than 60 machines and various servers in my university's Computer Center.

Distinctions
=============
* Scholarship from CEID for having entered as the student with the 3rd highest score.
* Two scholarships from my school for having graduated with the highest marks as 1st student.
* Honorary commendations throughout my school education.

Languages
==========
* Greek is my first language.
* Excellent English skills - Proficiency (Cambridge + Michigan)
* Moderate-good German skills - Mittelstufe
* Functional Japanese - Level 4 Japanese Language Proficiency Test

Additional Information
=======================
* I am an avid practitioner of Ninjutsu, a Japanese martial art.
* I have been playing the (electric) guitar for over 5 years.
* I am one of the core members of a local LUG (Linux User Group).
* I attend and present at various computer/technology related conferences like CCC, fosscom, AthCon and others.
* I am interested in science fiction films and books.
* I am a fan of Dungeons & Dragons-style (RPG) board and computer games.
* Studying cognitive and brain sciences has always been a hobby.

-- updated: January 2012