Speaking

Presentations

2020

• Avoiding Breaches using WSL2 and Open Source, WSLConf, March 10, 2020

2019

• Practical ethics for responding to digital crime, David Dittrich and Katherine Carpenter, Microsoft DCC 2019, Lisbon, Portugal, March 27, 2019

2018

• The Active Response Continuum: Ethical and Legal Issues of Aggressive Computer Network Defense, guest lecture to JSIS B 355: Cybersecurity and International Studies, University of Washington, November 15, 2018

• DtSR Episode 322 - The Ethics of Cyber Security Panel, November 15, 2018

• Secure Ops/DevOps: Avoiding default passwords and secrets breaches using open source, UW IT Security Briefing, October 11, 2018

• Managing Secrets: Avoiding default passwords and secrets breaches using open source, with Katherine Carpenter, ToorCon XX, San Diego, CA, September 16, 2018 [YouTube video of ToorCon presentation]

• Securing the 2020 Election Process (…or at least one or two parts of it!) [short version], ISOI XX, Victoria, BC, Canada, April 27, 2018

• Securing the 2020 Election Process (…or at least one or two parts of it!), Black Lodge Research, Redmond, WA, April 15, 2018

• Securing the 2020 Election Process (…or at least one or two parts of it!), Microsoft Digital Crimes Consortium, Panama City, Panama, March 7, 2018

• Securing the 2020 Election Process (…or at least one or two parts of it!), The Agora, Seattle, WA, March 16, 2018

• Securing the 2020 Election Process (…or at least one or two parts of it!) [long version], Seattle Privacy Coalition TA3M meeting, Seattle, WA, March 19, 2018

2017

• Panelist, “Big Data Sharing for Security: Is ‘Big Data’ Worth it?” ACSAC 2017, with Mike Collins and Jean Camp, Moderator Sven Dietrich, Orlando, FL, December 7, 2017

• Invited Speaker, “The Active Response Continuum: Debating the future of ‘hacking back’ in terms of language, ethics, and laws,” NCSC One Conference, The Hague, Netherlands, May 17, 2017

2016

• Invited Keynote Speaker, “Responding to Complex Intrusions (or ‘How to Play Kick the Can in Cyberspace’),” REN-ISAC Annual Member Meeting (RIMM) 2016, Seattle, WA, April 21, 2016

2015

• Invited Speaker, “Learning lessons from the past: Case Studies of what can happen during an intrusion, and what can happen when someone tries to stop it,” NorthWest Academic Computing Consortium (NWACC) Security Working Group, Portland, OR, September 30, 2015

• With great power comes great responsibility: Scaling Responses to DDoS and BotNets Effectively and Safely, by David Dittrich, Coordinating Attack Response at Internet Scale (CARIS) Workshop, June 19, 2015

• Protecting Property in Cyberspace Using “Force”: Legal and Ethical Justifications, by David Dittrich and Katherine Carpenter, ACSC 2015, Canberra, Australia, April 22, 2015

• “With great power comes great responsibility: Operationalizing the ethical review of responses to cybercrime,” David Dittrich and Katherine Carpenter, Microsoft DCC, Miami, FL, March 10, 2015

• Beyond the Range of the Moment: Ethical Response to Cybercrime, David Dittrich and Katherine Carpenter, NANOG 63, San Antonio, TX, February 3, 2015

• Panelist, “Securing Cyberspace Starting at the Local Level,” University of Washington Tacoma, with Mike Hamilton, Anderson Nacimiento, and Chris Richardson, January 21, 2015

• Panelist, “The Anatomy of Data Security Breaches: The Evolving Landscape for Offenders and Law Enforcement Response,” with James M. Aquilina (Stroz Friedberg LLC) and Jenny A. Durkan (former US Attorney, Western District of Washington), The Second Annual Comprehensive Conference on Cybersecurity Law, Seattle, Washington, January 12, 2015 (panel statement)

2014

• Dr. Paul Vixie’s Overview of Internet Takedowns, M3AAWG Town Hall, October 22, 2014 [@27:22 I provide a brief description of a proposed framework for “active response continuum” presented by Katherine Carpenter and me at CyCon 2014, link below.]

• “Ethics in Computer Security Research and Operations,” by David Dittrich, UW CSE / Microsoft Research Summer Institute 2014, July 28, 2014

• “Protecting Property in Cyberspace Using “Force”: Legal and Ethical Justifications,” by David Dittrich and Katherine Carpenter, NATO Cyber Defense Center of Excellence Cyberconflict Conference (CyCon) 2014, Tallinn, Estonia, June 4, 2014. [Local copy of CyCon 2014 slides Talk is online in the Strategy and Law track, 04.06.14, at the CyCon 2014 web site]

• “The Legal and Ethical Challenges with Aggressive Computer Security Research and Operations Actions,” by David Dittrich and Katherine Carpenter, Microsoft Digital Crimes Consortium 2014 meeting, Singapore, Singapore, March 4, 2014. [Local copy of DCC 2014 slides]

• Panelist, “Botnet Takedowns,” Malware, Messaging, and Mobile Anti-Abuse Working Group (M3AAWG) 27th General Meeting, San Francisco, CA, February 20, 2014

• Panelist, “Dismantling and disrupting malware-facilitated crime: case studies and future collaboration opportunities,” Microsoft Global Cybercrime Enforcement Summit, February 11, 2014

• Panelist, “Anatomy of Data Security Breaches: Who is Behind Them,; How Law Enforcement and Targets Respond,” with Richard D. Boscovich (Microsoft) and Jenny A. Durkan (US Attorney, Western District of Washington), Cybersecurity Law and Strategies Conference, Seattle, Washington, January 27, 2014

• Panelist, “Can Companies Afford an Active Defense Strategy?”, with Katherine Carpenter (moderator), Christofer Hoff, Anup Ghosh, Jody Westby, Suits and Spooks 2014, Washington, DC, January 20, 2014

• Panelist, “Exploiting End Points, Devices, and the Internet of Things” with Kurt Baumgartner, Remy Baumgarten, Terry McCorkle, Suits and Spooks 2014, Washington, DC, January 20, 2014

2013

• “Active Defense” panel with Josh Corman, Benjamin Wright, Rob Graham, and Ben Jackson, Pauldotcom Podcast Episode #350, October 25, 2013

• “Offensive Anti-Botnet - So you want to take over a botnet…,” by David Dittrich, North American Network Operators Group (NANOG) meeting 59, Phoenix, AZ, October 8, 2013 [Slides and reference materials. By the way, “my German colleagues” are Felix Leder and Tillmann Werner. I apologize for not crediting them sufficiently in my talk.]

• “So You Want to Take Over a Botnet…,” by David Dittrich, Microsoft Digital Crimes Consortium 2013 meeting, Barcelona, Spain, February 2013. [Local copy of DCC 2013 slides]

• Panelist, “What’s the Downside of Private Sector Offensive Engagement?”, Suits and Spooks 2013, Washington, DC, February 9, 2013

2012

• “Session B18 (Advanced): Ethical Guidelines for Information and Communication Technology Research: The Menlo Report,” David Dittrich, Erin Kenneally, Wendy Visscher, PRIM&R’s Advancing Ethical Research 2012 Conference, San Diego, CA, December 4, 2012

• Panelist, “Joint Cooperation,” United States Attorney’s Office Cybercrime Conference, Seattle, WA, October 27, 2012

• Keynote speaker, “So you want to take over a botnet…,” Discovery 2015 workshop, Pacific Northwest National Laboratory, Richland, WA, September 20, 2012

• So You Want to Take Over a Botnet…, by David Dittrich, LEET ‘12: Fifth USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 2012.

• “A Refined Ethical Impact Assessment Tool and a Case Study of its Application,” by Michael Bailey, Erin Kenneally, and David Dittrich, in Workshop on Ethics in Computer Security 2012, Bonaire, Dutch Antilles, March, 2012

2011

• “Data Breach Then and Now” (Keynote presentation), by David Dittrich, Information Assurance, Network Forensics, Industry and Educators Workshop, September 8, 2011 (Hosted by Highline Community College, Funded by NSF Grant # DUE 0919593)

• “Human Subjects, Agents, or Bots: Current Issues in Ethics and Computer Security Research,” by John Aycock, Elizabeth Buchanan, Scott Dexter, and David Dittrich, in Workshop on Ethics in Computer Security 2011, St. Lucia, April, 2011 [Local copy of paper and slides]

• “Session D3: An Evolved Ethical Framework for Network and Security Research,” David Dittrich, Erin Kenneally, Wendy Visscher, PRIM&R’s Social, Behavioral and Educational Research 2011 Conference, Boston, MA April 29, 2011

• “Session C8: Watching ‘Bad’ Behavior in the Context of Research,” PRIM&R’s Social, Behavioral and Educational Research Conference, Boston, MA, April 28, 2011

2009

• “Visual Analytics in Support of Secure Cyber-Physical Systems,” David Dittrich and Mark P. Haselkorn, Department of Homeland Security Workshop on Future Directions in Cyber-Physical Systems Security, July 22-24, 2009

• Keynote speaker, “The Fight Against Spam: Should We Start to Hit Back?,” Conference on Email and Anti-Spam, Mountain View, CA, July 16, 2009

• Panel: Common Research Issues, DHS S Workshop on Ethical Issues in Network Research, Washington, DC, May 26-27, 2009 + Panel: Ethics in Botnet Research, LEET 09, Boston, April 21, 2009

  [Network World published a story about the panel. The discussion of DDoS tool relates to the Trinoo Distributed Denial of Service Tool writeup, in which I wrote, “During investigation of these intrusions, the installation of a trinoo network was caught in the act and the trinoo source code was obtained from the account used to cache the intruders’ tools and log files. This analysis was done using this recovered source code.” The hole in question that I used to copy the files (a + + in a .rhosts file, granting anyone on the internet the ability to access the account) is depicted in this [anonymized] command: echo "rcp 192.168.0.1:leaf /usr/sbin/rpc.listen" in generating a script that was then run on the compromised computer. While I did get permission to view the files, the questionable action was that I had initiated the copying before I had finished identifying someone who could authorize the action and grant me permission. They did, and asked me to promise I would give them full details of how their system was compromised and used, to never disclose the name of their company, or publish any customer data. I have adhered to all aspects of this promises.]

2008

• “Understanding Emerging Threats: The case of Nugache,” (co-presented with Bruce Dang, Microsoft), SOURCE Boston conference, March 2008 (PDF of SOURCE 2008 slides) [Note the predictions I made between 44:55 and 48:45. Most (all?) have come true. Just sayin. :)]

2007

• “Why botnets have evolved into your worst nightmare,” Information Security Decisions 2007, Chicago, November 5, 2007

• “Threat Briefing,” Tokyo, Japan, February 2007

2006

• “Beyond the Noise: Complexity and Network Defense,” Advanced Network Defense Symposium, Air Force Information Warfare Center, San Antonio, TX, September 13-14, 2006

• “Beyond the Noise: More Complex Issues with Network Defense,” IFIP 10.4 Working Group Meeting, Network Security and Infrastructure Response (Carl Landwehr, moderator), Annapolis, MD, June 30, 2006

2005

• “Bots and Botnets - The Automation of Computer Network Attack,” AusCERT 2005, Brisbane, Australia, May 2005

• “The Active Response Continuum to Computer Network Attack,” AusCERT 2005, Brisbane, Australia, May 2005

• “Beat Back the Botnets,” Information Security Decisions 2005, Chicago, IL, May 9, 2005

• Panelist following Rich Pethia’s keynote “Computers Under Attack, What Shall We Do?”, Cutter Consortium Summit 2005, Boston, MA, May 2, 2005

• “Tactical Integration: Honeypots, Honeynets, and the Honeywall,” GOVCON 2005, Crystal City, VA, March 30, 2005

• “Beat Back the Botnets,” Webcast, March 23, 2005

2004

• “The Manuka Project” (database for cataloging clean/compromised system disk images), paper presentation, IEEE Information Assurance Workshop, June 11, 2004 (Power Point)

• “Honeypots, Honeynets, and the Honeywall,” ARO Information Assurance Workshop, UW, March 3, 2004 (Power Point)

2003

• “Looking at Vulnerabilities”, Microsoft Campus, Microsoft Campus, August 25, 2003 (Power Point)

• “DDoS: A look back from 2003”, Internet2 DDoS In-Depth Workshop, August 6, 2003

• Seattle University CSSE 492/592 version of FIRE

  • MD5 hash of ISO

  • Instructions on how to burn this ISO to a CDROM

  • FAT: General Overview of On-Disk Format, Microsoft

  • Microsoft Extensible Firmware Initiative FAT32 File System Specification, Microsoft

  • Harley Hahn’s Student Guide to Unix, McGraw-Hill, 1996, ISBN 0-07-025492-3

  • Linux Magic Numbers

  • JPEG File Interchange Format (JFIF)

• Honeypots and Honeynets, presentation to National Association of Attorneys General, UW, April 14, 2003 (Power Point)

• “What if you hit back? Counter-intelligence and Counter-attack,” I4 meeting, Seattle (April 2003)

• “Looking at Vulnerabilities,” TOPOFF-2, March 2003 (Power Point)

2002

• Post Intrusion Concealment and Log Alteration, June 2002

• Recent Developments in DDoS, June 2002

• CanSecWest CORE ‘02 Slides and tools, April 2002

2001

• Recent Developments in DDoS: Unwitting agents and the “Power” bot, notes for FIRST teleconference, November 2001

2000

• CanSecWest CORE ‘01 “Honeynet Project Forensic Challenge” slides, April 2001 (Power Point)

• Invited Talk, “Distributed Denial of Service, MIT Applied Security Research Group, October 6, 2000

• Invited Talk, “DDoS: Is There Really a Threat?,” USENIX Security Symposium, August 16, 2000 (Power Point slides of USENIX 2000 talk)

• Panelist at the Tomorrow’s Technology Today (T3) Conference, Pittsburgh, PA, April 8, 2000

• Distributed Denial of Service - A New Threat, 2000 JASON Summer Study Program invited talk

• Panelist at Distributed Denial of Service (DDoS) BoF, NANOG 18 Meeting, February 7, 2000

• Panelist at Distributed Denial of Service (DDoS) BoF, RSA Conference 2000, January 17, 2000

1999

• Some TCP/IP Vulnerabilities, Seattle Agora Meeting, December 10, 1999

• Presentation on Distributed Denial of Service attacks at CERT Distributed-Systems Intruder Tools Workshop, November 2, 1999

• Quarterly Departmental Support meeting Security talk, 1999

  • What can be done with limited time to secure Unix systems?

  • What can be done with limited time to secure Windows NT systems?

• Information Security Management Overview, August 1999

1998

• Host and Network Security in the Internet Age: DSL, @Home, ISDN, etc., Seattle Unix User’s Group, 1998

• Unix Security Overview, 1998

1997

• Panelist at SANS ‘97 technical conference (SA4) Problem Tracking Systems Panel/Workshop, April 1997 [SANS 97 Trip report, Power Point Slides of talk on QnA, HTML version]

1996

• Sun’s Java langauge, 1996

• Talks on Java and Unix Security at AUUG WET’96 in Darwin, Northern Territory, Australia (4/96)

1994

• An Introduction to WWW, 1994

• Unix System Security, 1994

Courses

• Honeynet Project Forensic Challenge course materials, SANS FIRE 2001

• Training Ninja at Black Hat ‘00 [Course notes for Unix forensics class w/Dominique Brezinski]

Interviews

• KUOW Weekday: The Virus Hunters, (Guests: Dave Dittrich, Affiliate Researcher with the I-School and UW’s Center for Information Assurance and Cybersecurity, Stephen Toulouse, Security Program Manager, Microsoft Security Response Center, and Sam Curry, Vice President for Security Management at Computer Associates), May 14, 2004 [Weekday MP3] [Weekday RealAudio archive]

• Audio interview on DDoS attacks with Brian Martin [attrition.org] and Dave Dittrich, by Brian S. McWilliams, PC-radio.com, February 22, 2000

• Panelist on the Diane Rehm show (WAMU radio, NPR affiliate) along with Jeffrey Hunker (coordinator for security, infrastructure protection, and counter-terrorism for the National Security Council), James Adams (CEO of iDefense), and Elias Levy (SecurityFocus.com), February 17, 2000

• Info.sec.radio interview (Originally broadcast March 6, 2000)