SkullSecurity

About me (Ron)

Welcome to SkullSecurity! If you'd like to email me, I'm ron-at-skullsecurity-dot-net.

I registered "skullsecurity.org" (along with .net and .com) a couple years ago, to host the site for a Shadowrun campaign that ended up with the same name (that's a long story, but maybe I'll tell it some day!). When I created it, I knew it'd be an awesome name for a security site or group or whatever, so I told myself that someday, I'd create a blog there. And here we are.

This blog is, as the tagline (currently) says, "just another security weblog". I've been in the security field for awhile now, and am doing some work that I consider interesting, and thought I'd start sharing it. If you want to know what I'm working on, or what I do for fun, or what I need to access later, check out my wiki.

Anyway, with that aside, a little about myself. My name is Ron Bowes, I'm 24 25 26 27 and have a Bachelors of Computer Science (honours) from the University of Manitoba. I'm also a gold GIAC-certified penetration tester (GPEN), having completed the SANS 560 course (which, by the way, is a fantastic course!). I've worked at several security jobs since graduating, and am currently a security analyst (specializing in application security and penetration testing) for the Province of Manitoba. I can't really talk about my work there in detail, but I can talk about my personal work.

I cut my teeth, security-wise, on reverse engineering games for Battle.net, for the purposes of writing emulation bots, non-malicious hacks/plugins, and just plain educational tinkering. To my knowledge, I'm the first to have publicly released code for Warcraft 3 SRP, the Lockdown Modules, and Warden. One of my favourite things I wrote for Battle.net, in my programming infancy, was a Message Spoofer, which would allow users to send various control characters in their messages for effects like colours and alighment. To my knowledge, it was the first and only program that specialized in message spoofing.

My work in late 2008 and all of 2009 revolved around Microsoft's NetBIOS and SMB (aka, CIFS) protocols. Using a fantastic book called Implementing CIFS, by Christopher R. Hertel, I learned how Windows systems talk to each other, on a low level, and how I can manipulate this to assist penetration testers. I wrote a large collection of Nmap scripts to take advantage of this protocol in some interesting ways. You can find lots of blogs on this site about them.

Updated on January 1, 2010

2009 was the first year I participated significantly in the security community. I met a lot of well known folks at Defcon in Vegas and gave my first real presentation at Toorcon in San Diego. I also finished SANS 504 and, toward the start of 2010, started learning the DNS protocol in detail and writing some tools for cute DNS tricks. You can look forward to some blogs about DNS coming up, and hopefully 2010 will be another great year!

If you have any questions, feel free to email me or post a response here!

Bio
(I keep needing a bio when submitting talks and keep losing it, so I'll keep it here for safe keeping)

Ron Bowes entered the security industry during highschool when he taught himself assembly and reverse engineered the login sequences for several popular Blizzard titles (including Starcraft and Warcraft 3). Since then, he obtained a Bachelor of Computer Science at the University of Manitoba, and worked several jobs in the private industry before becoming a Security Analyst for a division of the government. Outside of his day job, he runs a security consulting company (Dash9 Security), he is an active Nmap developer, he compiles and disseminates research data on leaked or cracked passwords, and he currently maintains and developers dnscat, which implements reverse shells over DNS in new and clever ways.