TALK: Global Tech Summit /Java2Days/Codemonsters, Sofia Bulgaria | Nov 2018 |
"Malware Included, Third-Party JavaScript as an Attack Vector"
There’s no doubt that today’s developers benefit from imported third-party libraries. Easy to import applications like Google Charts and frameworks like jQuery facilitate quicker software development cycles and more professional results. But while the use of imported third-party libraries is on the rise, there is little awareness that unvalidated, and uncontrolled, third-party include files could also be used as attack vectors for delivering malware. To better understand the potential scope of this problem, this talk shares the results of a survey conducted to gauge the prevalence of websites that import uncontrolled, unvalidated, third-party software. We’ll then look at how these include files could be used to deliver malware, compromise privacy, or deliver ransomware. Finally, we’ll explore ways to mitigate the dangers of importing third-party software libraries.
TALK: Global Tech Summit /Java2Days/Codemonsters, Sofia Bulgaria | Nov 2018 |
"How Metadata Makes Big Data Bigger"
When most people here the word “metadata” they instinctively think of embedded fragments of information that help describe digital photographs or office documents. But in other people’s hands, metadata provides the context where data exists. And that context can be converted into powerful intelligence that expands and enhances available information. When properly applied, metadata can be used to fill-in the gaps between data to reveal a picture that couldn’t be painted by the original data alone. In this talk, you’ll learn how metadata is created from existing data to solve business problems. The speaker will also share techniques he has used to answer questions about the viability of one of his own businesses. Additionally, you will also learn techniques to keep your organization from leaking information through metadata creation.
ARTICLE: PHP ARCHITECT | Jul 2018 |
"Pro Parsing Techniques With PHP, Part Two: Fault Tolerance"
This article is part two, of a three part series, on parsing text with PHP. The previous installment dealt with basic parsing techniques; particularly how parsing becomes easier when you limit your parsing toolkit to only a few, well chosen, tools that you’ll use over and over again. This article is dedicated to fault tolerant parsing techniques.
ARTICLE: PHP ARCHITECT | Jun 2018 |
"Pro Parsing Techniques With PHP, Part One: Simplifying Your Parsing Strategy"
Something nearly every PHP developer does is develop scripts that parse, or extract, information from text documents. There are many reasons why parsing is important, ranging from scraping information from webpages, parsing email messages, searching for specific entries in text files, or to authenticate events in a log file. And while parsing text is a common activity, there is very little instruction on how to extract desired information from a text file. This is the first of a three article series on parsing text with PHP. This installment is a quick primer on how to simplify your parsing strategy.
BOOK: Engineering Approaches to Graphic Design | May 2018 |
"Engineering Approaches to Graphic Design"
Leonardo da Vinci proved that engineering and graphic design are not mutually exclusive. In fact, an engineer’s ability to communicate visually not only assists in documentation and communication, but it also promotes brainstorming and facilitates playful manipulation of ideas. Regrettably, today’s engineers become specialists, and don’t receive training to explore their visual side.
Too many of today’s engineers are needlessly intimidated by art and graphic design. This is baffling because graphic design depends on math and physics—things that engineers are otherwise trained to do. “Engineering Approaches to Graphic Design”, was written in a way that not only teaches the fundamentals of graphic design, but does so in a way that leverages what engineers already know.
View on AmazonTALK: Strata Data Conference, San Jose, CA | March 2018 |
"Understanding Metadata"
When most people think about metadata, they often recall the embedded fragments of information that help define digital photographs or office documents. While these are useful for identification and classification purposes, these are not the most important use cases for metadata. Metadata’s most useful purpose is to create context for information. And once information has context, it becomes powerful.
In this talk, you’ll explore how metadata is used to create competitive advantages through something as simple as sequential numbers. The presenter will also show how he used metadata to better understand if the success of a new online business was built on a bubble, or if the business fundamentals were sound.
TALK: Global Tech Summit, Sofia Bulgaria | October 2017 |
"Social Engineering the News"
It might be called “Fake News” but it’s really social engineering at a massive scale.
And since Fake News taints our information stream, it is also a breach of data integrity,
which should be everyone’s concern. To make his point, Michael Schrenk explores the similarities
between traditional social engineering and what has led to today’s Fake News epidemic.
Additionally, you’ll learn how information is weaponized, who’s making money with fake news, and how it influences decisions at a governmental level (even how countries go to war over false news stories). You’ll also explore techniques to guard against social engineering in your projects.
TALK: DEFCON XXV | Aug 2017 |
"Social Engineering the News"
This apolitical talk explores the similarities between traditional social
engineering and today's "fake news". During this talk, Michael Schrenk will show how
social engineers use OPSEC (Operations Security) to plan a successful social attack.
Additionally, you'll also learn the about the economics of "fake news",
who's making the money, and how much, and how information is weaponized.
This talk will also reveal that the news has been socialized for a long time,
and that socially engineered news lead to the start of the Spanish American War.
We'll also explore techniques to guard against social engineering in general, and specifically
in the media.
TALK: B-Sides MSP, Minneapolis, MN | June 2017 |
"Social Engineering the News"
It might be called "fake news" but at it's heart, it's the latest wave of social
engineering. This apolitical talk explores the similarities between traditional social
engineering and today's "fake news". During this talk, Michael Schrenk will show how
social engineers use OPSEC (Operations Security) to plan a successful social attack.
Additionally, you'll also learn the about the economics of "fake news",
who's making the money, and how much, and how information is weaponized.
This talk will also reveal that the news has been socialized for a long time,
and that socially engineered news lead to the start of the Spanish American War.
We'll also explore techniques to guard against social engineering in general, and specifically
in the media.
TALK: ARIZONA STATE UNIVERSITY | Oct 2016 |
"Security: Metadata & Operations Security"
I had the good fortune to address Phil Simon's class
on how metadata influences security and data privacy. It also lead to this blog
post on metadata related security issues the SAS website.
TALK: DEFCON XXIII | Aug 2015 |
"Applied Intelligence: Using Information That's Not There"
Organizations continue to unknowingly leak trade secrets on the Internet. To those in the know,
these leaks are a valuable source of competitive intelligence. This talk describes how the speaker
collects competitive intelligence for his own online retail business. Specifically, you learn how
he combines, trends, and analyzes information within specific contexts to manufacture useful data
that is real, but technically doesn't exist on it's own. For example, you will learn about the trade
secrets that are hidden within sequential numbers, how he uses collected intelligence to procure inventory,
and how and why he gauges the ongoing health of his industry and that of his competitors. And on a related
note, you'll also learn how the federal government nearly exposed an entire generation to identity fraud.
INTERVIEW: Christian Science Monitor: Passcode | Joe Uchill - July 30, 2015 |
"Michael Schrenk on stealing data your company gives away for free"
In advance of his presentation at the Def Con conference in Las Vegas,
Passcode spoke with Schrenk
about the insider information he's paid to glean from the open Internet – and how companies can better protect themselves from having their inside plans exposed or used against them by competitors.
TALK: DEFCON XXII | Aug 2014 |
"You're Leaking Trade Secrets"
Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade
secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information
at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information
is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets
are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
BOOK SIGNING: BlackHat 2014 | August, 2014 |
It was great meeting new and old readers at my two book signings at the BlackHat 2014 security conference at Mandalay Bay in Las Vegas.
And, thanks for staying and listening to my short talk on why a bot developer works to stop bots.
INTERVIEW: LookingGlass | DEFCON Teaser, Jun 2011 |
"Leaking Trade Secrets: A Conversation with Michael Schrenk"
This interview, with LookingGlass was a lead-in to my talk at DEFCON XXII.
KEYNOTE: Secure Computing Forum, Dublin Ireland | March 13, 2014 |
"Online Privacy for Organizations"
I was thrilled to present this keynote address in Dublin Ireland.
My talk focused on how organizations leak much more information that what
they're aware of, just by doing innocent (looking) things.
TALK: DEFCON XXI | DEFCON XXI, Aug 2012 |
"How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers"
This is the true story of a botnet that created a competitive advantage for a car
dealership. This dealership found a website that offered returned lease vehicles—great
cars for their inventory—but bad web design and heavy competition from other automotive
dealerships made the website useless. In response, a botnet was developed to make automotive
purchases with machine precision. With the bot, they could acquire any cars they wanted,
without interference from competing dealerships. During its one-year life, this botnet
autonomously acquired many millions of dollars in cars. Along the way, it successfully
adjusted to competition from a similar bot developed by Russian hackers while maintaining a
sufficiently low profile to "stay below the radar" of everyone involved.
ARTICLE: LINUX MAGAZINE (Cover Story) | Dec 2012 |
"Build a Botnet, Playing nice with Internet Attack Techniques"
This is an article about the constructive things that can be done with destructive technologies.
Most people associate botnets
with nefarious activities like denial of service attacks on websites or identity fraud. I, on the
other hand, associate botnets with the one I developed that autonomously purchased millions of dollars worth of
automobiles.
TALK: LAS VEGAS WRITER'S GROUP | Jun 2012 |
"Promote Your Career by Writing Non-Fiction"
Michael Schrenk describes how writing non-fiction can advance your a career.
The primary focus on the talk was that the more transparency the writer has with the audience, the better the work.
In other words, you'll be more successful when your personal reason for writing is in alignment with the topic.
BOOK: NO STARCH PRESS 2ND EDITION (SAN FRANCISCO) | Apr 2012 |
"Webbots, Spiders, and Screen Scrapers, 2nd Edition"
The second edition of this book is a major update of the first edition.
New Chapters include:
INTERVIEW: SOL LEDERMAN | Apr 2012 |
"Federated Search Blog"
I was interviewed by Sol Lederman on my upcoming book. The entire interview can be heard here:
Listen to Mike Schrenk interviewed by Sol Lederman
TALK: O'REILLY WEB CAST | Mar 2012 |
"Webbots, Spiders, and Screen Scrapers"
This one-hour web cast was in anticipation of my upcoming book of the same title. There were over 600 attendees in the
live audience.
INTERVIEW: BBC WORLD SERVICE, London UK | Aug 2011 |
This was the second of two interviews I did in one day for The British Broadcasting Corporation. This one was conducted live and for BBC World Service (radio).
INTERVIEW: BBC RADIO, London UK | Aug 2011 |
"The DEFCON Hacker's Conference"
This was recorded interview conducted by BBC Radio in London, and the first of two
BBC interviews I did this day..
INTERVIEW: SOUTHERN CALIFORNIA PUBLIC RADIO (KPCC 89.3 FM) | Aug 2011 |
"The integrity of Software Developers"
I was part of a live panel discussion, where we discussed the integrity of so-called security
providers and software
developers.
INTERVIEW: ELISABETTA TOLA, BOLOGNA ITALY | Oct 2010 |
"Innovation in Data-Driven Journalism"
This was a recorded interview I did with Elisabetta Tola, that was later translated into Italian for broadcast in Bologna Italy.
TALK: BBC TELEVISION, London UK | Oct 2010 |
"The Hidden Internet"
A lecture to the BBC Digital Media Group on less known ways of conducting Data-Based Journalism.
TALK: CENTRE FOR INVESTIGATIVE JOURNALISM, LONDON UK | Oct 2010 |
"The Web Investigator"
A two-day lecture on unconventional ways to conduct online research.
TALK: DEFCON XVII, LAS VEGAS NV | Aug 2010 |
"Screen Scraper Tricks, Difficult Cases"
Screen scrapers and data mining bots often encounter problems when extracting data from modern websites. Obstacles like AJAX discourage many bot writers from completing screen scraping projects. The good news is that you can overcome most challenges if you learn a few tricks.
This session describes the (sometimes mind numbing) roadblocks that can come between you and your ability to apply a screen scraper to a website. You'll discover simple techniques for extracting data from websites that freely employ DHTML, AJAX, complex cookie management as well as other techniques. Additionally, you will also learn how "agencies" create large scale CAPTCHA solutions.
All the tools discussed in this talk are available for free, offer complete customization and run on multiple platforms.
DATA JOURNALISM: CENTRE FOR INVESTIGATIVE JOURNALISM, LONDON UK | Jul 2010 |
"The Web Investigator"
I developed and presented this two-day lecture on unconventional ways to conduct online research.
TALK: OWASP LOS ANGELES CHAPTER | Mar 2010 |
"Creating Competitive Advantages with Webbots"
I was the featured speaker at this Los Angeles Chapter meeting of the OWASP
DATA JOURNALISM: OLA SAMZELLAS ANNONSBILAGA SOM MEDFȏLJER JOURNALISTEN SWEDEN | Feb 2010 |
"Lär Journalister Att Tänak Som Datahackare"
DATA JOURNALISM: VVOJ UTRICH THE NETHERLANDS | Nov 2009 |
VVOJ Utrich, The Netherlands,
"The European Investigative Journalism Conference"
I presented a series of lectures on unconventional ways to conduct online research.
DATA JOURNALISM: CENTRE FOR INVESTIGATIVE JOURNALISM, LONDON UK | Jul 2009 |
"Summer School 2009"
I presented a series of lectures on unconventional ways to conduct online research
For The Centre for Investigative Journalism at City College, London.
DATA JOURNALISM: VVOJ BRUSSELS BELGIUM | Nov 2008 |
"The European Investigative Journalism Conference"
I developed and presented series of lectures on unconventional ways to conduct online research,
and on methods for anonymously communicating with sources.
TALK: PRIVATE EVENT, ZURICH SWITZERLAND | Jul 2008 |
"Online Project Tracking"
Presented the plans and current status of a custom project tracking software use to track resources applied to projects and to
calculate bonuses.
INTERVIEW: SENTEO GmBH, MOSCOW RUSSIAN FEDERATION | Spring 2008 |
In 2007 and 2008, I did a lot of work for Senteo, a company that consults to banks on creating customer experience. Most of the clients are banks in Eastern Europe.
TALK: PRIVATE EVENT, SHARM EL SHIEKH EGYPT | Apr 2008 |
"Into the Cloud"
Lectured on the benefits of moving corporate reporting and documentation from Excel spreadsheets and FTP servers to web
accessible cloud-based services. I shared the stage with author Joseph Pine ("The Experience Economy")
TALK: PRIVATE EVENT, CASA BLANCA MOROCCO | Sep 2008 |
"Online Techniques for Distributed Organizations"
I presented on several techniques for organizations to connect with a distributed workforce.
TALK: DEFCON XV, LAS VEGAS NV | August 2007 |
"The Executable Image Exploit"
This lecture described how to disguise computer programs as online images that may be used to gather specific metrics. I
also talked about how these methods were used to help a Private Investigator track an online stalker.
The "Executable Image Exploit" lets you insert
a dynamic program into any community
website that allows references to off-domain
images; like MySpace or eBay. By uploading
the following line of HTML to a community
website, <img src="http://www.mydomain.
com/executable.jpg"> you can launch a
dynamic program that masquerades as a
static image and capable of reading and
writing cookies, analyzing referrer (and other
browser) variables and access databases. It is
even possible to create an image the causes a
browser to execute JavaScript.
ARTICLE: PHP|ARCHITECT (Cover Story) | Jul 2007 |
"Webbots and Spiders, An Insider's Guide"
Just after my first book was published, I wrote another introduction to writing webbots with
PHP and cURL. The article explains the basics of writing automated web agents by solving
a common business problem with a ShopperBot.
BOOK: NO STARCH PRESS 1ST EDITION (SAN FRANCISCO) | Mar 2007 |
"Webbots, Spiders, and Screen Scrapers, 1st Edition"
This is the first book dedicated to all aspects of automating online tasks.
TALK: DCPHP, WASHINGTON DC | Oct 2006 |
"Developing Webbots with PHP"
This presentation highlighted the benefits of writing webbots in PHP/CURL. In addition to explaining how to capitalize on
flaws in the current client/server model used by the web, attention was paid to methods for downloading and parsing media.
I was very proud that I went on directly after Rasmus Lerdorf, who got the PHP project off the ground in 1995.
TALK: DEFCON XI, LAS VEGAS NV | Aug 2003 |
"Online Corporate Intelligence"
In this presentation, I enlarged on the previous year's pretension to show how automation can improve Corporate
Competitive Intelligence.
TALK: DEFCON X, LAS VEGAS NV | Aug 2002 |
"An Introduction to Writing Webbots and Spiders"
You can have a lot of fun with the Internet by ditching your
browser in favor of writing special purpose programs that look
for or do very specific things on the Internet. This session
will equip you with techniques to extract and interact with
data from web sites without a browser, parse and filter data,
follow links, deal with encryption and passwords, and
manage terabytes of information. You'll also learn why writing
these programs is a useful activity, and walk away with ideas
and abilities to write useful spiders or web agents of your own
design.
ARTICLE: WEB TECHNIQUES MAGAZINE (Cover Story) | Mar 2000 |
"Writing Intelligent Web Agents"
This article describes methods for designing and writing intelligent web agent software, which use information available on
the Internet in some very "non-browser-like" ways. (now maintained by Dr. Dobbs).
This was only the second article I had written and sold. After I got paid, I drove down to REI
and bought two
9' kayaks and a roof-top rack for my (cool at the time) Dodge Colt Vista.
ARTICLE: COMPUTER WORLD MAGAZINE | Aug 1997 |