A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


The Stuffer - Sean Drzewiecki and Aaron Gudrian and Dr. Ronny L. Bull (ANYCon 2017 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

The Stuffer
Sean Drzewiecki and Aaron Gudrian and Dr. Ronny L. Bull

ANYCon 2017

The Stuffer is a utility which exploits the reserved bits and padding space of multiple layers of the TCP/IP protocol stack for covert data transfer between two or more networked systems. Implemented using a custom Python library, Stuffer is easily integrated into existing or future Python applications. Stuffer is currently implemented as a proof of concept in Python, and could be easily ported to other programming languages such as C/C++. This concept can be leveraged for command and control systems for botnets, as a method of covert data ex-filtration, as well as a pseudo-private line of communication. Current firewall and intrusion detection/prevention technologies are ill-equipped to protect against this data hiding technique.

Sean Drzewiecki is a current undergraduate student of Computer Science at Utica College, also working as an intern for North Point Defense. When not interning or attending classes, Sean works as a System Administrator for the Utica College CS network, developing hypervisor management tools and integrating with existing educational computer systems. Sean's experience with CTF events is extensive, volunteering as a Black Team member for the Central New York Hackathon. Aaron Gudrian is currently an undergraduate student at Utica College working towards his Bachelor of Science in Computer Science with a concentration in Computer Security. Aaron works as an intern for Par Government, providing systems support for research work at the Air Force Research Lab in Rome New York. Outside of class, Aaron has attended multiple CTF events; including HSCTF an introductory CTF game for high school students meant to introduce students to the world of computer science, and the Central New York Hackathon. The Stuffer is Aaron's first major computer security project, and contribution to the information security community. Dr. Ronny L. Bull is an Assistant Professor of Computer Science at Utica College as well as an independent consultant with a focus in computer networking and information security. Dr. Bull earned his Ph.D. in Computer Science at Clarkson University in 2016 with a focus on layer 2 network security in virtualized environments. Ronny earned an A.A.S. degree in Computer Networking at Herkimer College in 2006, and completed both a B.S. and M.S. in Computer Science at SUNYIT in 2011. He also co-founded and is one of the primary organizers of the Central New York Intercollegiate Hackathon event which brings together computer science and cybersecurity students from regional colleges to compete against each other in offensive and defensive cybersecurity activities. Dr. Bull has had the privilege of presenting his research at multiple InfoSec venues such as DEF CON, DerbyCon, BSides Roc, and HackCon Norway.

Back to ANYCon 2017 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast