Dave Dittrich (@davedittrich)
- Status: Security Researcher, Consultant, Author
- Motto: Dealing with the Advanced Persistent Threat since before it was even a thing.
If you spend more on coffee than on IT security, then you will be hacked. What’s more, you deserve to be hacked.
—Richard Clarke, Former Special Advisor to the President on Cybersecurity, RSA 2002
In the information economy, failing to maintain an informed view of the level of cyber-threat will soon be an unsustainable risk for board level decision makers. The potentially high impact of individual and cumulative cyber-attacks means that the threat has become the responsibility of Chief Executives and Boards of Directors, rather than specialist security and system staff.
—Information Sharing Advisory Council, Sharing is Protecting: A Review of Information Sharing, in partnership with the National Infrastructure Security Co-ordination Centre, 2003.
About me
Homepage: https://davedittrich.github.io
GitHub: https://github.com/davedittrich
Medium: https://dave-dittrich.medium.com
Twitter: https://twitter.com/davedittrich
Honeynet Project: https://www.honeynet.org/author/david-dittrich/
I am a computer security researcher with a hacker mindset who applies and translates decades of acquired knowledge to serve others with expertise in other domains to help them build and operate more resilient businesses.
I spend my time trying to understand how bad people harm others over the internet, and finding ways to lessen the damage by the bad guys (on purpose) or the good guys (by accident). I do this as an applied computer security researcher, a consultant, an author, and a first-iteration entrepreneur. For years I have freely given away much of my knowledge and tools because I believe everyone has a responsibility for helping make the internet a safer place, but they need to learn how from those who have already figured it out.
My background is in computer programming and UNIX system administration on several platforms. I started working at the University of Washington in 1990 and from 1996 until 2003, I was the senior computer security incident response analyst and system/network security consultant for the UW. Since then, I have focused on research and development of tools/techniques dealing with advanced threats.
Many years ago, I also supported World Wide Web services including the initial prototype and subsequent support of UW’s original (now retired) Weber web service (and am the proud “father” of the Weber Guy).
I taught C&C Education & Training course R870: Unix System Administration - A Survival Course <http://web.archive.org/web/19981205134345/http://www.washington.edu/R870/> for about 10 years, then led the team that developed the first course on Cyberterrorism for UW Educational Outreach and in Autumn 2003 co-taught the initial offering of the special topics course on Computer Security Incident Response INFO 498AA in the UW’s iSchool. <http://web.archive.org/web/20040302143953/http://courses.washington.edu/i498aa/Syllabus.htm>
I was a founding member, and currently serve as Chief Legal and Ethics Officer, of the Honeynet Project <https://www.honeynet.org/> as well as a long-standing member of Seattle’s Agora computer security group (until it ceased in 2019).
This home page is available at <https://davedittrich.github.io>, and my Honeynet Project blog is at <https://www.honeynet.org/blog/64>
Contents
- Distributed Incident Management System (DIMS)
- The Active Response Continuum
- Articles/papers/audio related to the Active Response Continuum
- Attacks on Google accounts and servers
- Anti-Spyware laws
- Lycos Europe “Make Love Not Spam”
- Music/Video related stories
- Conferences related to the Active Response Continuum (specifically “offensive computing”)
- Other computer security conferences including talks covering offensive tactics (but not as a major focus)
- Public/Private Partnerships to Improve Cyber Response
- History of Public and Private Police Forces
- Privateering (“Letters of Marque and Reprisal”)
- Attribution
- Law
- Books related to “Active Defense”
- Tools and software systems related to “Active Defense”
- Reading list for Active Defense Workshop
- Articles/papers/audio related to the Active Response Continuum
- Biographical info
- A Blog within a Blog within a Blog
- “Cyberwarfare” (#NotARealThing)
- Background information
- Abuse/misuse of the term “cyberwar” (why “cyberwar” isn’t a thing)
- Wikileaks (and claims of “Cyberwarfare” against it)
- “Cyberwarfare” against Estonia?
- “Cyberterrorism” (?!)
- Electronic “Jihad”?
- Media Stories
- Testimony, Reports to Congress/Executive
- International issues
- Legal Issues
- Misc.
- Ethics
- Computer Forensics
- Online resources
- Forensic analysis tools and related software
- Blogs
- Books
- Articles/Journals
- Organizations/conferences/training
- Law and Legal Process
- Being an Expert Witness or Consulting for Counsel
- Digital Timestamping
- Guidelines and standards
- Interviews
- Reverse engineering/Debugging/Malware Analysis
- Memory Forensics
- Anti-Forensics (Note: Use these on an isolated analysis system)
- Encryption/Steganography
- Secure Deletion
- Cell Phone/Mobile Forensics
- Fingerprint (file hash) databases
- Rootkit identification utilities
- File system integrity checking tools
- Forensic analysis or related hardware
- Partitioning/File system documentation
- Destruction/Recovery of data
- Incident costs, damage estimation, and risk analysis
- Other documents/terms/legal resources
- Certificate/Degree Programs
- Security related podcasts
- General Computer Security Awareness
- Advanced Persistent Threat (APT) Simulation
- Purple Teaming
- Internet of Things (IoT)
- SSH
- Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
- News items of interest
- Sharing threat information
- Taxonomies and Ontologies for Information Security
- Authentication/Authorization/Accounting (AAA) services and Role-Based Access Control (RBAC)/Identity management
- Security Tools
- Social Engineering
- Industrial Control Systems (ICS) security
- Mobile/Smartphone Security
- QR codes as attack vector
- Interesting reading about hacker culture, sociology, attacks, etc.
- iPhone security
- International Standards
- Security Vulnerabilities
- Philes/Archives/News
- Interesting security-related news articles
- Inadequate/improper destruction of data
- Interesting Security Research
- Secure Hardware
- Analysis
- TCP/IP vulnerabilities, exploits, coding, etc.
- Linux Security
- Governmental activity on cybercrime, Information Assurance, etc.
- General Accounting Office reports
- Department of Defense publications
- NIST Computer Security Standards, Checklists, and Special Publications
- Risk Management
- Security Policy/Incident Response
- Secure Email
- Secure Programming
- Miscellaneous Security related pages
- Readings for Critical Infrastructure “Cyberterrorism” course
- Secure passwords, Password crackers and dictionaries
- SPAM
- Images
- Laugh at…
- Mac and Mac Security
- Miscellaneous
- COVID-19
- Privacy
- Podcasts
- Authoring and Self-publishing
- Authoring Courses using the Morea Framework
- Business
- Blockchain and Smart Contracts
- Academics and Research
- Mind Mapping
- Rock climbing
- Guitar stuff
- Metal Detecting
- Internal Storage
- Voice over IP and SIP
- Travel tips
- LED lights/Smart lights
- Health
- Recreation
- Tools and Maker Spaces
- Bikes
- Tastes
- Sounds
- Digital Cameras and Equipment
- Visualize Whirled Peas (or just visualize)
- Hardware
- Unicode
- Remote server management
- iPhone stuff
- Databases and database tools
- Grab bag
- Netware Security
- Networking and Network Security
- Network Security
- Network traffic analysis tools (thanks to Toby Kohlenberg)
- More network traffic analysis tools and techniques
- Other useful tools
- Network Security Monitoring tool suites
- IPv6
- Network discovery tools
- Log parsing tools
- Network monitoring/Intrusion Detection Systems (IDS)
- Honeypots and Honeynets
- Public domain packet capture/analysis tools
- Routers
- Firewalls
- DNS
- Virtual Private Networks (VPNs)/Crypto tunnels
- VLANs
- Wireless (WiFi) Access
- Wireless Security
- Miscellaneous Network Security related pages
- Networking
- Speaking
- Software Development
- Software Engineering Best Practices
- Programming in Python
- Programming in Rust
- JSON Parsing Tools
- Testing and Test Automation
- Sphinx + reST
- MkDocs + Markdown
- Programming in Golang (Go)
- Programming in Julia
- Git
- Agile/Scrum
- Continuous Integration and DevOps
- Kanban method
- Software Engineering Project Management
- Messaging using AMQP
- Data Mining
- Natural Language Processing (NLP)/Web Scraping
- “Big Data”
- Jupyter Notebook
- Machine Learning
- Software licensing and Open Source
- Automated Software Distribution projects
- Miscellaneous
- Think about it…
- How to Responsibly Consume (and Feed) the Media
- Disinformation/Misinformation/Malinformation/Computational Propaganda
- Combatting Online Hate and Violence
- Integrity
- How to get politically engaged and resist right-wing over-reach
- Keep it in perspective
- Interesting TED content
- Logic and Logical Fallacies
- Climate disruption, energy efficiency, environmental preservation
- Physics
- Health and wellness
- Intelligence (as in spying), Military, Law Enforcement
- Machine Intelligence, Machine Learning, Automation
- Public Speaking
- Misc
- Unix
- Containerization, Virtualization, “Microservice Architectures”
- Configuration management and automated provisioning
- Virtualbox
- Packer
- Vagrant
- Ansible
- Storing Secrets for Development and Configuration
- Terraform
- Pulumi
- Nomad
- Otto
- Automating Deployment on Cloud Services
- Automated distributed system deployment options using Ansible
- Using systemd and upstart for services
- Nginx Reverse Proxy
- Small form-factor hardware systems
- Caching or Mirroring Packages
- Unix System Administration/Monitoring Tools
- Miscellaneous Distributed System Construction
- Incident tracking/trouble ticketing systems
- LiveCD distributions
- Secure Alternative Operating Systems
- Scripting in bash
- Email and Secure Email Delivery
- Unix System Administration Tasks/Tips/Tricks
- Unix Administration Courses/Tools
- Tar
- Network and Distributed File Systems
- SELinux, AppArmor, grsecurity
- Linux Kernel
- Dell Edge Server Stuff
- Windows Administration and Security
- Writing
- World Wide Web services, etc.
Bio
A number of short- and long-form bios are available in the Biographical info section.
Contact
Email: dave.dittrich (at) gmail.com
PGP Key ID: 0xA751C80AD15EE079 (or via hkps://hkps.pool.sks-keyservers.net)
PGP Key fingerprint:
097B 4DCB BF16 E1D8 A06C 7512 A751 C80A D15E E079
The image on the title bar is of a summer sunset in Geneva, Switzerland, July 2013. Copyright © 2013 by David Dittrich, all rights reserved.