About Dan Tentler

Dan Tentler
Founder/Director of Security Research
AtenLabs

Dan Tentler
    Presentations
    Docs
    Audit Examples (sorry for lack of details, NDAs involved)
    • Client 1: Medical company using a custom portal to keep track of clients' medical data. Rife with exploits - SQL injection vulnerabilities everywhere, XSS in literally every field available for input. Was able to get into the admin control panel using ' or 1=1-- in the username field, then obtained all the other admins' credentials via the HttpFox Firefox toolbar - they were passing cleartext passwords into obfuscated text fields. Was able to SSH into their Asterisk Red Hat machine using some of the creds obtained and ran a local privilege escalation exploit to bring me to root. Was also able to run sqlmap against that same SQL-injectable server and obtained a handful of SQL usernames, SQL architecture, server name, domain and list of databases.
    • Client 2: Primarily forensics work. 10 of their employees all quit on the same day and went across the street, opening a competing business. They came in days after they quit to print financial data, steal passwords, shred evidence, etc. They didn't do a very good job. Left a ton of data in the event logs on the AD server, firewall logs of them RDP'ing in from their home IP addresses.

    Accreditations, Certs, Achievements and Patents
    • Patent for the Intelligence Chameleon (http://www.wipo.int/pctdb/en/wo.jsp?wo=2006072052)
    • OSCP certification (Offensive Security Certified Professional)
    • WCSE certification (Websense Certified Systems Engineer)
    • WCTR certification (Websense Certified Training Representative)
    • NVBA certification (NetVault Certified Backup Administrator)
    • Lead Planner: BarCamp San Diego

    Client List
    • IOActive - Information Security
    • LPL Financial - Information Security
    • Intuit - systems engineering / Information Security
    • Warner Brothers Records - systems engineering
    • Laughing Squid - systems administration and Information Security
    • M5 computer security - systems engineering and Information Security
    • IdeaBlue Networks - Information Security
    • Lunch.com - Information Security
    • Gearfuse.com - systems engineering and Information Security
    • TheLaw.net - systems engineering and Information Security
    • Versa Computing - Information Security
    • E Planet Solutions - Information Security
    • MPAK Technologies - Information Security
    • El Dorado Stone - Information Security
    • DigiSynd - systems administration
    • Zynga - Information Security
    • Lares Consulting - Information Security
    • MWPartners - Systems Engineering
    • OnRamp Wireless - Systems Engineering
    • MindTouch - Systems Architecture