Resume of Bram Matthys (syzop@vulnscan.org)

Knowledge

Work Experience

• - After 5 years, back at my old employer as a part-time sys-/netadmin
• - School now has ~200 computers
• - Work is still very much diverse, however, key aspects are: security (wifi, servers, etc.) and server management.

• - Providing custom coding and consultancy to various companies troughout the world (US, Germany, France, Belgium, Luxembourg, Norway, Hungary, Mexico, Australia, ..).
• - Coding/consultancy includes large projects for commercial companies, such as coding and/or maintaining: customer support systems, messenging services, restricted/paid chat systems, ..
• - Also doing non-IRC related consultancy such as server managament (security hardening, apache, proftpd, mysqld, etc), PHP coding, and more

• - Converted the entire network from coax to UTP
• - Installed a secure internet router/firewall & new Internet uplink
• - Merging internal networks, converting a network from Novell to Linux+NT
• - A _lot_ of Windows (NT/2000) and Linux security measures both at server and desktop (you know students..)
• - Installing backup systems, UPS, writing backup procedures
• - Basic hardware installation/management, ended up with 100 desktops for students throughout the school.

Volunteer Projects

• - Implemented spamfilter: to my knowledge the first real spam filter at the IRCd level
• - Redesigned channelmode +f: A build-in anti-flood system in the IRCd, making it respond in real-time, also avoiding the need of bots
• - Implemented extended channelmodes system: allowing another 32 more channelmodes, all in a clear framework, fully modulized
• - Implemented extended bans: not originally my idea, but the first major ircd using this concept
• - Countless bugfixes and other small features

Other Projects

• SUBCOM, 1999 - A project that (mis)uses the ISDN protocol to allow some limited free data transfer (10bps), this was before I had a cable connection and my phone bills were getting expensive ;). Implemented via a modified Linux kernel that hacked into ISDN layer 2 to send extra framedata when calling (such as "calling party subaddress"). Included it's own protocol (including segmentation), own chatserver, etc. It was a nice way to chat for free ;).
• HokIRCd, 2001 - I wrote my own IRCd in VB (how un-leet), over 10.000 lines of code, using it's entire own protocol, zip, ssl, and most of important of all supporting a mesh link topology. This was just a proof-of-concept thing written in my summer vacation, it was never meant for public/mass use. I gained a lot of experience from it however ;).
• Spoofit, 2001 - An utility that can blindly spoof a connection from any IP address to Windows 95/98/NT/2000. It tries to guess the ISN (Initial Sequence Number) range and then performs the spoof. It was especially designed for use on the Internet from a normal *DSL/cable broadband connection. It takes just a few seconds to spoof for W9X/NT, and 5-10m for 2000+. Originally meant for releasing to the public, but for some unknown reason never done ;)
• Honeypot, 2002 - A project where I set up my own honeypot (to catch hackers). I also wrote several Linux kernel modules such as one that locks down the system if a certain file is hit (rm -rf protection), a logger, and some others I want to keep private ;).
• Security, 1999-2005 - While my publications (well, bugtraq posts) on security are quite limited, I've been quite active in this field. I wrote my first exploit when I was 16, it was a buffer overflow that emulated a struct with function pointers, you can find it here (but please ignore my bad english from back then ;p). In the meantime I occasionally mailed bugtraq/vuln-dev. Another thing I wrote was a tool to check for apache servers being vulnerable to the chunked encoding exploit, at that time I also warned several companies that there server was vulnerable. My most recent proof-of-concept is from 2004 and tries to crash OpenSSL applications vulnerable to the OpenSSL ASN.1 bug. I noticed that for some reason nobody published an exploit/PoC, not even months after the release of the advisory, hence I decided to post it after several people requested it. Over time I've also kept several exploits private (although never abused), such as: snmpd bof, eggdrop fmt bug, IIS 4 DoS, tcpdump DoS, Unreal Tournament DoS, rcrypt/cryptcat crypto weakness, and more. Most of these vulns have been fixed since then.