Wednesday, 30 November 2011

Call for Adjunct Research Supervisors

Adjunct Doctoral Supervisors

- Part time, after hours
- Industry based
- Multiple Volunteer positions available

Company Background & Job Purpose

With over 1,000 IT professionals currently enrolled, Charles Sturt University is one of Australia's largest providers of Postgraduate Information Technology education to Australian students.

Charles Sturt University has developed an innovative Doctor of Information Technology which extends knowledge of the discipline of Information Technology and develops the attributes required to successfully identify, investigate and resolve problems confronting these fields. Students carry out research into a current opportunity or problem confronting information and communication technology, and present the findings in a thesis or portfolio. Students studying the Doctor of Information Technology will generally be working full time in the IT industry, and developing their Doctoral thesis after hours ( refers)

We are seeking part time, industry-based volunteers to assist in supervising Doctoral students conducting research in a wide range of Information Technology topics. As an Adjunct Supervisor, you will work with the principal supervisor at Charles Sturt University and provide expert technical input into the topic being researched. This supervision will include after hours, Webinar-based virtual meetings between you and the student and/or the principal supervisor.

Successful applicants will:

- be appointed as Adjunct Supervisor at Charles Sturt University.
- get the opportunity to network with an elite group of supervisors at the University and in the IT industry.
- gain access to a range of University services such as the online research library.

Training on the technical, ethical, administrative and professional aspects of supervision will be provided.

Key Result Areas:

Charles Sturt University's Doctor of Information Technology provides a complex and challenging research experience and, at its heart, is the key educational role of the supervisor. As a supervisor, your Key Performance Indicators will reflect the crucial role that you play including:
- that you are holding regular, Webinar-based virtual meetings with the student that you are supervising and that these meetings are well planned and have an agenda
- that you are providing the required monthly reporting on the progress of the student that you are supervising, including seeing that agreed targets for the submission of chapters or parts of the project are being met.
- that the student you are supervising believes that you are supplying the required level of support, encouragement, advice and guidance
- that you successfully complete the Charles Sturt University supervisor training program

Completion of a PhD, Doctorate, Research-based Master's degree or equivalent experience in the commercial research industry (preferred).

Extensive experience in the IT industry (essential).

Tuesday, 29 November 2011


The following is a small extract from what will become the GPen Study Guide.

As organizations create documents, the software that they use to create these documents embeds an enormous amount of information in the document files. A good deal of metadata is also included in the file. Much of this metadata is associated with formatting and display of the other data in the file. Besides this formatting metadata, a lot of file creation and editing tools include additional metadata entries that can be very useful for penetration testers during our reconnaissance phase, such as:

· User names: Penetration testers often need user names for exploitation and password-guessing attacks

· File system paths: Knowing the full path of the original file when it was created can reveal useful tidbits about the target organization

· E-mail addresses: This data can be useful if the penetration test scope includes spear phishing tests

· Client-side software in use: Given that client-side exploitation is such a common attack vector, it can be helpful to penetration testers to know which client-side programs are in use

Almost every document type has some form of metadata, but some are richer in metadata than others. The following types of documents, generated and used by most enterprises, are of particular interest to penetration testers:

· pdf files: These files are associated with Acrobat Reader and a variety of other pdf creation and editing tools.

· doc/docx, xls/xlsx, and ppt/pptx files: These files are associated with Microsoft Office suite, but are also used by several other related tools.

· jpg and jpeg: These image files often contain a significant amount of metadata, including data about the camera used to take a picture, the file system of the machine where the image was edited, and details about the image-editing software.

· html and htm: These file types contain web pages, and may at first seem uninteresting. However, their comments and hidden form elements could contain metadata that is very useful to a penetration tester. Additionally, scripts embedded in the HTML may reveal sensitive information or undocumented features of a web application.

Monday, 28 November 2011

What is a hash

With conferences and the like I have been behind in writing up a load of material on topics such as NAP etc. I have not forgotten these. For now, I will start by detailing some terms I have seen used poorly.

To start, I will look at what a hash function is.

Formally, a hash function H is defined as a transformation that takes a variable-size input m and returns a fixed-size string. This fixed string is what we term the hash value h.

We can express this as:    h = H(m)

There are some things we need to know in developing our function h:

  • the input m can be or any length (this includes being smaller than the resulting hash output h, larger than the output or even of the same size).
  • The size of the output h remains the same no matter what the input is. That is, if the output of the hash function returns a length of L bits for a given input m, it must return an output of length L bits for ANY input m.
  • The hash function H(m) is one way. If we have a value h we cannot use this to determine the initial input m.
  • The function, H(x) must be simple and computationally inexpensive to compute. That is, making a table of mapped values and indexing calculated hashes against input must be expensive when compared to making the hash.

Hashing is used primarily in digital signatures and for integrity checks. They also aid in time stamping.


It is stated that a hash needs to be “collision free”. This is wrong. If we think that an 8-bit hash has only 256 possible values, we see that there is an infinite number of collisions as we can have an infinite variability in input. Collisions abound!

Collisions always EXIST IN A HASH FUNCTION. This is NOT the issue. The issue is not the existence of a collision, but the fact that we may be able to calculate the collision and predict it.

A hash function H(x) will have collisions, but the distribution of these collisions should be unpredictable.

If we constrain the length of the input m to a certain value, the number of collisions can be stated to be in the order of:

No. Input messages possible


No. Hashes by Hash length


  • No. Input messages possible = 2(length m)
  • No. Hashes by Hash length = 2^(hash length)
  • Collisions exist.