Hammer for Hire

  • IT Security Professional offering extensive experience in infrastructure/extranet design, architecture, and enterprise network security. Internationally recognized industry expert in IT security and Microsoft technologies with over 25 years experience in security, authentication infrastructures, network integration, application development, and business solutions with noted experience in encryption paradigms and key management.
  • Specialization in developing “real world” enterprise-wide policies, procedures, and solutions to secure corporate infrastructures and Internet-facing services while maintaining core business functionality and customer/user needs and requirements.
  • Developed applications for industry-specific solutions such as cryptographic architecture & key management, military aircraft interface development, bio-nuclear research "big data" management, and others for private, government, and military sectors.
  • Developed and implemented networking and application security solutions for institutions such as the US Air Force, Microsoft, the US Federal Courts, regional power plants, and international banking/financial institutions.
  • Independently architected the “TGP – Encryption for the Cloud” encryption paradigm and accompanying Rainmaker cloud-infrastructure key-management APIs. Invited to NSA headquarters to present findings and overview.
  • Designed and implemented secure network infrastructure for the United States Air Force C-17 test facility in Charleston, SC. Integrated WAN infrastructure for secure transmission of classified aircraft performance and flight information between Charleston, SC and Edwards, CA Air Force Bases.
  • Featured trainer at the BlackHat Security Conference and DefCon for over 10 years in venues all over the world teaching self-developed “Microsoft Ninjitsu” security curriculum.
Professional Experience - Resume available upon request
Contract Consultant, HoG (TMT) 2013 - Current

Returned to consultancy practice to provide organizations facing the significant challenge of securing Cloud migrations the best possible architectural services. Cloud Computing requires new and different authentication infrastructures and security must be viewed in a new light. The "same old way" simply won't work, and IT groups need someone with my experience and expertise to provide the needed guidance.

Older work experience has been removed from this site but my resume is available upon request. I hope this doesn’t sound egotistical, but I have a tremendous skill set and deep experience in security and code engineering, and have a lot to offer the right company. I removed the fluff from this site so that I could concentrate on the right job opportunity and engage the right people. Please contact me for more information.

Principal Security Program Manager, MSFT 2010 - 2013
Contract Consultant, HoG 2009 - 2010
Re-established sole proprietorship consulting firm in order to provide the highest level of technical expertise and customer service available to the client base. Responsible for all internal operations, project management, sales, and technical delivery. Also as an “outsourced executive,” I contracted as a Principal Consultant with a Seattle-based security boutique, and most notably, CEO of a startup “hardware hacking” company, becoming industry leaders in RFID technology, as well as becoming the only research organization in the world to ever crack the world-wide GSM cellular standard encryption, under the direction of Dr. Karsten Nohl and Kristen Paget.
  • Extensive experience with internal infrastructure design, authentication and enterprise network security.
  • Extensive and particular emphasis on cryptographic experience in applications, key management, and cloud-based encryption models.
  • Threat Modeling and Risk Assessment / Cost:Benefit analysis and maximization of corporate investments in security and business solutions.
  • High rate of success working with different teams, particularly in contracting scenarios, in order to maximize efficiency and minimize corporate churn.
  • Customer liaison and advocate, project/team management, security evangelist.
  • Extensive DMZ/Firewall architecture, design and implementations, most recently in one of the largest internet-facing production networks in the world.
  • Role-based host security for SQL, Web, Mail, and other public facing services. Software architecture and development: .Net, ASP, ASP.NET, MSSQL, C#, PHP, PostgreSQL, Telephony, VoIP, VoFrame.
  • Direct administrative experience with MS Exchange, Postfix, Dovecot, Sieve, IIS, Apache, etc.
  • Vast expertise in Windows Security Engineering, Administration, AD, Group Policy, IPSec, DNS, etc.
  • Professional experience in heterogeneous networking and integration with OSX, Linux, and Solaris.
  • Extensive production use of virtualization technologies: VMWare ESX/Workstation, MSFT Hypervisor.
  • Deep experience with Cisco routing configurations; early adopter of VoF (voice over frame) techniques before VoIP protocols were even standardized.
  • Remote Access Technologies, including RDP, ARD, SSH, IIS/WebDAV, TSGateway and others.
  • Personally delivered financial solutions and implementation planning for Royal Bank of Canada and their Canadian network of NEC ATMs, as well as for PayPal, eBay, and others.
  • Excellent written and oral communication skills, with over 25 years experience with training and public speaking.
  • Distinguished Speaker, National Security Agency (NSA)
  • Multiple security conference "Best Speaker" awards
  • Member, American Mensa
  • Member, International High IQ Society
  • Microsoft Certified Systems Engineer (MCSE)
  • Microsoft Certified Trainer (MCT)
  • Microsoft Certified Partner (MCP)
  • Microsoft “Most Valuable Professional” in Windows Enterprise Security; awarded 4 years in succession.
    (I feel compelled to note the MSFT certifications were acquired when they actually meant something, and not the sinecures they have become today.)
  • Speaker, "DefCon XX" July 2012: Socialized Data – Making Facebook Your Cyber-Mule. This talk focused on ways to generate and distribute video files with embedded side-channel communication audio (frequency modulation and amplitude variances) created from deltas of the spectral density of graphic images. This side-channel data (embedded in the audio track of video clips) was then posted to Facebook as a source for covert data exchange. This works even with Facebook’s re-encoding of posted video files.
  • Distinguished Speaker, National Security Agency (NSA) and United States Cyber Command Cyber-security Conference Series; April 2012, NSA Headquarters, MD. Presented TGP encryption paradigm and Socialized Data – Using Social Media to Exchange Covert, Undetectable, Side-Channel Data.
  • Featured Speaker, Insomni’Hack 2012 security conference and Capture the Flag event, Geneva School of Engineering, Geneva Switzerland. Delivered two sessions: RDP Security (demonstrating a new one-of-a-kind tool) and Least Privilege and Security in Depth in Process Design.
  • Published Author, Thor's Microsoft Security Bible; 2011, Timothy "Thor" Mullen. Publisher: Syngress/Elsevier.
  • Published Author, Stealing the Network: The Complete Series Collector’s Edition, Final Chapter, and DVD; 2009, Timothy Mullen, Johnny Long, and Ryan Russell. Publisher: Syngress.
  • Published Author, Stealing the Network: How to Own a Shadow; 2007, Timothy Mullen, Johnny Long, and Ryan Russell. Publisher: Syngress.
  • Published Author, Stealing the Network: How to Own an Identity; 2005, Timothy Mullen, Ryan Russell, Riley Eller, Jay Beale, FX, Chris Hurley, Tom Parker, Brian Hatch, and Johnny Long. Publisher: Syngress.
  • Published Author, Stealing the Network: How to Own a Continent; 2004, Timothy Mullen, FX, Paul Craig, Joe Grand, Fyodor, Ryan Russell, and Jay Beale. Publisher: Syngress.
  • Published Author, Stealing the Network: How to Own the Box; 2003, Timothy Mullen, Ryan Russell, Ido Dubrawsky, FX, and Joe Grand. Publisher: Syngress.
  • Featured Researcher, Hacker Japan Magazine; 2003, Timothy Mullen. Publisher: Byakuya-Shobo, Co.
  • Technical Editor, Windows XP Professional Security; 2002, Chris Weber and Gary Bahadur. Publisher: McGraw Hill.
  • Published Author, Hacker’s Challenge: The Genome Injection; 2001, Contributing Author. Publisher: McGraw Hill.
  • Columnist, Microsoft Security Segment, SecurityFocus.com; (52 published articles).
  • Published Technologist, Tweaking Social Security to End Identity Theft; 2008, SecurityFocus.com InFocus Technical Article.
  • Published Technologist, Blocking Traffic by Country on Production Networks; 2008, SecurityFocus.com InFocus Technical Article.
  • Published Technologist, Building Smart DMZs; 2007, Security Horizon Technical Article.
  • Published Technologist, Securing Exchange Server in the Enterprise: Tricks and Traps; 2003, SecurityFocus.com InFocus Technical Article Series.
  • Published Technologist, XP Professional Security Features: An Introduction; 2002, SecurityFocus.com InFocus Technical Article Series.
  • Published Technologist, Restrict Anonymous: Enumeration and the Null User; 2001, Security Focus InFocus Tech Article Series.
  • Published Technologist, Hardening Windows in the Enterprise; 2001, SecurityFocus.com InFocus Technical Article Series.
  • Professional Trainer/Curriculum Developer, Microsoft Ninjutsu – Black belt Edition -- ISA Ninjutsu, Secure Development of Data-driven Web Applications -- Secure Enterprise Remote Access Strategies; BlackHat Briefings and Trainings, multiple venues world-wide, 2001 - 2010.
  • Speaker, RFID Mythbusting; 2009, DefCon 17.
  • Speaker, Social Insecurity; 2005, West Coast Security Forum (Winner, Best Speaker Award).
  • Speaker, Securing Windows Infrastructures; 2004, West Coast Security Forum (Winner, Best Speaker Award).
  • Speaker, Brute Forcing Terminal Server Logons with TSGrinder; 2003, BlackHat Vegas.
  • Speaker, Enforcer; 2003, BlackHat Windows Security Briefings.
  • Speaker, Neutralizing Nimda: Technical, Moral, and Legal Discussions of an Automated Strike-Back; 2002, BlackHat Asia.
  • Speaker, Secure Development of Data-Driven Web Applications; 2002, BlackHat New Orleans.
  • Speaker, Web Vulnerability & SQL Injection Countermeasures; 2001, BlackHat Amsterdam.
  • Speaker, RestrictAnonymous; 2001, DefCon 9.
  • Speaker, RestrictAnonymous; 2001, BlackHat Hong Kong.
  • Invited Guest, Hong Kong Police Force, Security Bureau of Hong Kong; 2001, Physical and logical security evaluation and roundtable regarding continued "reunification" considerations with China and the Transfer of Sovereignty.
  • Speaker, Grabbin' the Creds via SQL2000 Network Libraries; 2001, BlackHat and DefCon, Las Vegas.
  • Thor's Password Machine
    The only password "strength" tester based on tangible, measurable metrics, which can be the basis of policy as opposed to the ambiguous reference to "strong" or "weak" which have no meaning in themselves. This tool has become the standard tool of measure for many different companies. A full explanation is available here.
  • TGP - Thor's Godly Privacy
    Despite the tongue-in-cheek name, TGP is a powerful cloud-based encryption utility allowing for wide distribution of encrypted material and key data. Full information is available here.
  • ThoRDP (Thor's Remote Desktop Protocol Proxy)
    Source-port RDP TCP proxy redirector for security-in-depth RDP solutions. Automatic RDP client "wrapper" to instantiate a local proxy for source-port nailing in conjunction with inbound source-port-specific firewall rules. This is the only tool of its kind.
  • Extra-Outlook
    Productivity tool developed out of research into the Outlook user-mode memory allocation and separation to allow one to open multiple independent instances of Outlook in the same memory space to support multiple connections to different Exchange Servers. An extremely popular tool used by Outlook users world-wide; executable code written by the ever talented Jason Geffner.
  • TSGrinder (Terminal Services Brute Force Tool)
    The only Terminal Services (RDP) brute-force tool in the world. Originally written to illustrate critical weaknesses in the MSFT implementation of RDP for Windows 2003, further development for 2008+ was eliminated as MSFT implemented changes to RDP that addressed the issues I exposed.
  • UserDump (account information enumerator)
    Very old utility to dump all users' information with a null session, even with "Restrict Anonymous" implemented. I removed this (and other) tools because they were so old and *shouldn't* be applicable to current installations, however, users immediately contacted me wondering where it was. It's scary to think there are installations out there where this tool would be of value, but that's life in the big city.
  • ProbeTS (Probe Terminal Services)
    Utility to dump all server/system roles of a target via a null session. I originally designed this to find hosts with the Terminal Server role installed, but then expanded it to dump all roles installed on the system such as DNS, Web, Server, etc. Further, if run within a network, it will automatically find and query the Master Browser Server Role host and issue a "query on behalf of" where it will return all systems the host knows exists - which, for a master browser, is a significant information leak.
  • TransportEnum (Transport Enumerator)
    Utility to dump all server/system roles of a target via a null session. I've been quite successful in piping host output from ProbeTS into TransportEnum in order to enumerate all transport protocols bound to the interface queried. This has helped to identify dual-homed servers, a critical point of exposure for infrastructures despite their widely adopted use in the industry.
  • Enforcer
    Commercial network analysis tool designed to identify worm or virus traffic and use a library of attack vectors to “surgically” remove the attack code from the offending box while leaving the attacking host system fully operational. Pioneered work in “anomalous traffic detection.” Architecture by T. Mullen, development code-base by Ryan "Blue Boar" Russell.
  • SQueaL (SQL credential "squealer")
    A tool that impersonates a “rogue” SQL Server and captures NTLM credentials upon connection for subsequent cracking. Used to perform internal password strength auditing and Social Engineering engagements.
  • Country-by-Country GeoIP Database
    Country-by-country rule sets for ISA/TMG, or any application capable of parsing out XML rulesets. A comprehensive compilation of the world's IP address range provisioning provided by country (in XML) for ISA/TMG administrators to use to create rules to either block or allow traffic based on their own policies.