Curriculum Vitae
======================================================================

Ari Edelkind
New York, NY
February, 2003

ari.edelkind@episec.com
917 968 6991


Highlights_________________________

  * I've been working with unix systems for over 8 years now, 6
    professionally.

  * I have experience with FreeBSD, BSDI, Solaris, IRIX, Linux, HP-UX,
    and others. A list of more operating systems and greater detail is
    available in the document Skill Set and Certifications.

  * Most commonly requested unix services (along with many obscure ones)
    are almost second-nature for me. Some of these include Apache, BIND
    and djbdns, Sendmail and Qmail, and various SQL servers.

  * I'm excellent with C programming (9 years), shell scripting (8
    years), perl scripting (6 years), and a number of other programming
    languages. I am also versed in the arts of socket programming and
    TCP/IP principles. I learned my first programming language at 7
    years of age.

  * I have experience writing exploits, developing complex processor
    instruction code for use in exploits, and reverse engineering
    software during exploitation.

  * I consider the unix kernel familiar ground. I have a thorough
    understanding of many unix internals.

  * I have excellent references, including my supervisor of two jobs
    and as many co-workers as you like.


Work_Experience____________________

Bloomberg, L.P.                                        1/02 - present
Network Security

  At Bloomberg, I evaluated system and network security problems,
  writing papers illustrating their potential effects and what could
  be done about them. On some occasions, I was asked to create complex
  exploits for demonstration as leverage to upper management. I
  evaluated and suggested modifications to policies, handled the
  security of other team projects, audited code in C, Fortran, ksh and
  Perl, acted as the chief forensics analyst with regard to security
  threats, reverse engineered potentially malicious software, and wrote
  custom auditing tools.

  I also ported software to DGUX (when nothing else was assigned) when
  it was either useful or someone said it couldn't be done.

  Operating systems:
    Solaris 2.6-8
    HP-UX 10.20
    DGUX 4.20

Starmedia Network, Inc. (laid off in good standing)     3/01 - 12/01
Senior System Administrator, security team                  9 months

  At Starmedia, I was one of the chief system administrators in charge
  of a motley crew of almost 300 unix hosts. In addition to general
  administration, I was exclusively responsible for account and
  privilege management and provided second-level support to Starmedia
  developers and operations personnel. Due to my programming
  experience, I was assigned most group programming and scripting
  projects (c, perl, php, ksh, expect/tcl). I took on the task of
  evaluating applications requested by both developers and system
  administrators for security issues, for which I proposed and
  implemented precautions or workarounds, at my discretion. As a member
  of the security team, I also took part in policy development,
  pre-employment screenings, and vendor evaluations.

  Operating systems:
    FreeBSD 3.1-4.3
    Solaris 2.6-8

Taos Mountain, Inc. (laid off in good standing)         12/00 - 2/01
System Administrator (consultant)                           3 months

  At Taos, my main responsibility was to go on consulting assignments,
  performing any system administration tasks that the client deemed
  necessary. Due to the waning technical economy, however, Taos did not
  have as many assignments as they had personnel, and I spent much of
  my time off-assignment. During this time, I took Taos-sponsored
  certification courses and tests, studied Check Point Firewall-1, and
  familiarized myself with HP-UX, which I was not previously able to
  thoroughly explore.

  Operating systems:
    HP-UX 10.20
    Linux 2.2
    Solaris 7, 8
    Windows NT

Public Health Research Institute (left to work at Taos)  3/99 - 12/00
Unix System and Network Administrator                      21 months

  PHRI was an excellent employment and learning experience. Its
  distributed environment enabled me to master multiple unix flavors
  and the interoperability quirks between them. Network servers
  consisted of Solaris, IRIX, and Linux hosts, with Solaris holding
  the majority. I upgraded all systems and applied vendor patches to
  each, in addition to my own security precautions. Networking
  equipment I administered was comprised of Cisco routers and switches.
  I administered user accounts via NIS+, and served files using NFS
  (with SecureRPC), Netatalk, and Samba. I administered network
  backups, our Apache web server, mail servers, name servers, directory
  services, and printing services. I also modified many of the services
  at PHRI for security and functionality, and I wrote a number of
  custom utilities and services using C, ksh, Perl, PHP, and Tcl. Last,
  but not least, I provided a secure and productive shell environment
  for users (mainly scientists and scientific assistants).

  Operating systems:
    IRIX 6.3 - 6.5.4
    Linux 2.2
    OpenStep 4.2
    Solaris 2.3 - 7
    Cisco IOS and Supervisor Software

  Also supported:
    MacOS 7.6 - 9
    Windows 95, 98, 2000, NT

Lamers Net Web and Shell Services (company folded)      1/97 - 12/98
Security/System Administrator and Consultant               24 months

  As a shell hosting, web hosting, and internet service company, Lamers
  Net exposed me to a large variety of duties. Security was my
  responsibility alone. I also administered the company's web servers,
  name servers, mail servers, and irc servers. I wrote custom scripts
  and programs for administrator usage and user accessibility in C,
  perl, and ksh. I also provided support for users who needed help or
  elevated privileges.

  Operating systems:
    BSDI 3.0, 3.1

(Freelance) (left to work at PHRI)                       2/96 - 2/99
Freelance consultant                                       37 months

  Until I moved to New York in '99, I often performed freelance work
  for individuals and companies, including tutoring, network design and
  installation, system maintenance, and (my most requested service)
  host security work. I worked with a range of companies and
  individuals.

  Operating systems:
    FreeBSD 2.1 - 3.0
    Linux 2.0
    Windows 95, 98, NT

Linux General Store (left to work at PHRI)               5/98 - 2/99
Volunteer consultant                                        9 months

  Contrary to the store name, the Linux General Store was constantly
  populated with any variety of Unix flavors. I spent my time there
  experimenting with new programs and operating systems, assembling
  beowulf clusters from obsolete hardware, setting up wireless
  networks, and helping users with system problems.


Custom_Works_______________________

I have written a good bit of software over the past years. Some of the
more useful packages (written in C) are briefly noted below. For a more
complete list of publicly available software and more encompassing
descriptions, covering a variety of programming languages, see:

  http://www.episec.com/people/edelkind/

lx_lib Structural Memory Library                       11/00 - present
http://www.episec.com/people/edelkind/lx_lib.html

  lx_lib is a structural data library, designed for security,
  functionality, speed, and convenience, in that order. With lx_lib,
  memory allocation is handled using structures, promoting (among other
  things) more secure programming practices. This is a fully functional
  work; additional functionality is added as desired or requested.

Structural get_opts                                     4/01 - present
http://www.episec.com/people/edelkind/get_opts.html

  Using a slightly different option parsing method than most, get_opts
  parses desired arguments into memory structures, which are easily
  accessed and manipulated. get_opts is designed to be an efficient,
  easily usable, and extensible option parsing library. This is a
  complete and fully functional work.

Network Authentication Wrapper (libnaw)                 9/01 - present
http://www.episec.com/people/edelkind/libnaw.html

  Many programs insufficiently authenticate network connections. Some
  skip this vital step completely. libnaw wraps network library calls,
  and authenticates based on the configuration file you create for it.
  Using libnaw, you can (once complete) force mutual cryptographic
  authentication, so that both the client and server can be sure who's
  really on the other end. libnaw is a partially functional work, and
  is currently under development.

slowget Load Tester                                        9/01 - 9/01
http://www.episec.com/people/edelkind/slowget.html

  slowget is a metered load testing program allowing site
  administrators to emulate slow connections to their servers. This is
  a highly important, yet commonly overlooked, element to generating
  accurate load testing results. slowget is a complete and fully
  functional work.

fmtlib Binary Auditing Tool                              07/02 - 07/02
http://www.episec.com/people/edelkind/fmtlib.html

  Format string misuse is a dangerous flaw among today's programs and
  services, yet problems are prevalent. fmtlib is a dynamically
  loadable shared object that checks calls sent to format string-based
  functions and checks to see if the format string was passed using
  writable memory (i.e. memory that could have been loaded with user
  input). Instances are logged, and may be reviewed at a later date.
  The current version works with both FreeBSD and DGUX, and may easily
  be ported to other operating systems and architectures.


Papers_____________________________

Securing Insecure Programs: Circumventing the Designer Bug        2/01
  submitted to Dr. Dobb's Journal (available upon request)

Exploit Instruction Code Construction: assisting the manipulation
of services on obscure operating systems (preliminary version)    7/02
  http://www.suspicious.org/~ae/papers/shellcode.html
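The check that the fmtlib entry above describes (is the format string argument located in writable memory?) is illustrated by the following C program. This is an added example written for this page; it is not fmtlib itself nor any code by the author, whose implementation is not shown here. Instead of interposing on libc from a preloaded shared object, it places the check inside an explicit snprintf wrapper so that it runs stand-alone. It assumes a Linux host, since it classifies the address by reading /proc/self/maps; the names audited_snprintf, addr_is_writable and fmt_audit, and the sample inputs, are all constructed for the example.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classify the mapping that contains addr by reading /proc/self/maps
 * (Linux-specific; assumed as the platform for this example).  Returns
 * 1 if the mapping is writable, 0 if it is read-only, -1 if not found. */
int addr_is_writable(const void *addr)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    char line[1024];
    uintptr_t a = (uintptr_t)addr;
    int result = -1;

    if (maps == NULL)
        return -1;
    while (fgets(line, sizeof line, maps) != NULL) {
        unsigned long lo, hi;
        char perms[8];
        /* each line starts "<lo>-<hi> <perms> ...", e.g. "...-... r--p" */
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, perms) != 3)
            continue;
        if (a >= lo && a < hi) {
            result = (perms[1] == 'w') ? 1 : 0;
            break;
        }
    }
    fclose(maps);
    return result;
}

/* Audit record kept by the wrapper; a real tool would write it to a log. */
struct fmt_audit {
    unsigned long checked;        /* calls examined */
    unsigned long writable_hits;  /* calls whose format sat in writable memory */
    char last_writable[64];       /* copy of the most recently flagged format */
};

static struct fmt_audit audit;

const struct fmt_audit *fmt_audit_state(void) { return &audit; }
void fmt_audit_reset(void) { memset(&audit, 0, sizeof audit); }

/* snprintf wrapper: the call proceeds normally, but if the format string
 * lives in a writable mapping (stack, heap, .data/.bss) it is recorded,
 * because such a string could have been filled from untrusted input. */
int audited_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    audit.checked++;
    if (addr_is_writable(fmt) == 1) {
        audit.writable_hits++;
        strncpy(audit.last_writable, fmt, sizeof audit.last_writable - 1);
        audit.last_writable[sizeof audit.last_writable - 1] = '\0';
    }
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

/* Demonstration on constructed input: a literal format (read-only .rodata)
 * passes silently; the same text copied into a stack buffer is flagged. */
unsigned long demo_flagged_count(void)
{
    char out[64];
    char user_fmt[32];

    fmt_audit_reset();
    audited_snprintf(out, sizeof out, "pid %d\n", 42);   /* not flagged */
    strcpy(user_fmt, "pid %d\n");          /* now in writable stack memory */
    audited_snprintf(out, sizeof out, user_fmt, 42);     /* flagged */
    return audit.writable_hits;
}

int main(void)
{
    unsigned long hits = demo_flagged_count();
    printf("%lu of %lu calls used a writable format string; last: %s",
           hits, audit.checked, audit.last_writable);
    return 0;
}
```

The classification is deliberately coarse: a writable format string is not proof of a bug (many programs build formats in buffers legitimately), which is why the tool described above logs instances for later review rather than aborting the call. A preloaded interposer would apply the same check to the real printf family by resolving the original symbols with dlsym(RTLD_NEXT, ...).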