About Dan Tentler
Dan Tentler
Founder/Director of Security Research
AtenLabs

Presentations
- Security 101, presented during Refresh SD at Qualcomm (part 1: http://vimeo.com/2847947 and part 2: http://vimeo.com/2879833)
- Peoplehacking, presented at BarCamp San Diego 3 (http://www.viddler.com/explore/Viss/videos/1/)
- Peoplehacking 2.0, presented at BarCamp San Diego (http://www.youtube.com/watch?v=0g-zZa7TKBo only the first 10 minutes were captured)
- How to exploit an XP machine using an IPOD Touch (http://www.youtube.com/watch?v=RJziHh8zay4)
- Invited to speak at ToorCamp 1
- Invited to speak at ToorCon 11
- Invited to speak at SecTor
- Invited to speak at Ignite LA
- Interviewed by CNN iReporter during ToorCon 11 (link to video)
- I was interviewed by Information Week about a Twitter worm (http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=212700652)
- I organize BarCamp San Diego, a local tech conference. Three years running so far.
- I present at BarCamp San Diego and BarCamp Los Angeles on things ranging from social engineering to information security
- I teach lockpicking (www.atenlabs.com/lockpicking) via Ustream and in person
- Intelligence Chameleon (http://home.thaumatocracy.com/ic.htmli) - a many-to-many obfuscation proxy I designed for anonymizer.com which was later patented
- Client 1: Medical company using a custom portal to keep track of clients' medical data. Rife with exploits - SQL injection vulnerabilities everywhere, XSS in literally every field available for input. Was able to get into the admin control panel using ' or 1=1-- in the username field, then obtained all the other admins' credentials via the HttpFox Firefox toolbar - they were passing cleartext passwords into obfuscated text fields. Was able to SSH into their Asterisk Red Hat machine using some of the creds obtained and ran a local privilege escalation exploit to bring me to root. Was also able to run sqlmap against that same SQL-injectable server and obtained a handful of SQL usernames, SQL architecture, server name, domain and list of databases.
- Client 2: Primarily forensics work. 10 of their employees all quit on the same day and went across the street, opening a competing business. They came in days after they quit to print financial data, steal passwords, shred evidence etc. They didn't do a very good job. Left a ton of data in the event logs on the AD server, and firewall logs of them RDP'ing in from their home IP addresses.
- Patent for the Intelligence Chameleon (http://www.wipo.int/pctdb/en/wo.jsp?wo=2006072052)
- OSCP certification (Offensive Security Certified Professional)
- WCSE certification (Websense Certified Systems Engineer)
- WCTR certification (Websense Certified Training Representative)
- NVBA certification (NetVault Certified Backup Administrator)
- Lead Planner: BarCamp San Diego
- IOActive - Information Security
- LPL Financial - Information Security
- Intuit - systems engineering / Information Security
- Warner Brothers Records - systems engineering
- Laughing Squid - systems administration and Information Security
- M5 computer security - systems engineering and Information Security
- IdeaBlue Networks - Information Security
- Lunch.com - Information Security
- Gearfuse.com - systems engineering and Information Security
- TheLaw.net - systems engineering and Information Security
- Versa Computing - Information Security
- E Planet Solutions - Information Security
- MPAK Technologies - Information Security
- El Dorado Stone - Information Security
- DigiSynd - systems administration
- Zynga - Information Security
- Lares Consulting - Information Security
- MWPartners - Systems Engineering
- OnRamp Wireless - Systems Engineering
- MindTouch - Systems Architecture
Docs
Audit Examples (sorry for lack of details, NDAs involved)
Accreditations, Certs, Achievements and Patents
Client List