About me (Ron)

Welcome to SkullSecurity! If you'd like to email me, I'm ron-at-skullsecurity-dot-net.

I registered "skullsecurity.org" (along with .net and .com) a couple years ago, to host the site for a Shadowrun campaign that ended up with the same name (that's a long story, but maybe I'll tell it some day!). When I created it, I knew it'd be an awesome name for a security site or group or whatever, so I told myself that someday, I'd create a blog there. And here we are.

This blog is, as the tagline (currently) says, "just another security weblog". I've been in the security field for awhile now, and am doing some work that I consider interesting, and thought I'd start sharing it. If you want to know what I'm working on, or what I do for fun, or what I need to access later, check out my wiki.

Anyway, with that aside, a little about myself. My name is Ron Bowes, I'm 24 25 26 27 and have a Bachelors of Computer Science (honours) from the University of Manitoba. I'm also a gold GIAC-certified penetration tester (GPEN), having completed the SANS 560 course (which, by the way, is a fantastic course!). I've worked at several security jobs since graduating, including a security analyst (specializing in application security and penetration testing) for the Province of Manitoba. Currently, I'm a Security Research Engineer at Tenable Network Security, focusing on reverse engineering enterprise software.

I cut my teeth, security-wise, on reverse engineering games for Battle.net, for the purposes of writing emulation bots, non-malicious hacks/plugins, and just plain educational tinkering. To my knowledge, I'm the first to have publicly released code for Warcraft 3 SRP, the Lockdown Modules, and Warden. One of my favourite things I wrote for Battle.net, in my programming infancy, was a Message Spoofer, which would allow users to send various control characters in their messages for effects like colours and alighment. To my knowledge, it was the first and only program that specialized in message spoofing.

My work in late 2008 and all of 2009 revolved around Microsoft's NetBIOS and SMB (aka, CIFS) protocols. Using a fantastic book called Implementing CIFS, by Christopher R. Hertel, I learned how Windows systems talk to each other, on a low level, and how I can manipulate this to assist penetration testers. I wrote a large collection of Nmap scripts to take advantage of this protocol in some interesting ways. You can find lots of blogs on this site about them.

Updated on January 1, 2010

2009 was the first year I participated significantly in the security community. I met a lot of well known folks at Defcon in Vegas and gave my first real presentation at Toorcon in San Diego. I also finished SANS 504 and, toward the start of 2010, started learning the DNS protocol in detail and writing some tools for cute DNS tricks. You can look forward to some blogs about DNS coming up, and hopefully 2010 will be another great year!

If you have any questions, feel free to email me or post a response here!

Bio (updated 2015-09-09)
(I keep needing a bio when submitting talks and keep losing it, so I'll keep it here for safe keeping)

From the time he was in highschool, Ron Bowes was fascinated by hacking and tinkering. He pushed some boundaries early in his career when he was the first to document and publish source code for Battle.net's secure login sequences. When he didn't get in trouble for that, he started publishing password breaches on his site - skullsecurity.org - where they can still be found. After graduating with a Computer Science degree, Ron has been everything from an analyst to a researcher to a PHP dev (yes, PHP dev). Currently, he spends his days as a security engineer at Google and his nights working on open source projects, such as SMB and MSRPC support in Nmap and his DNS-based command-and-control backdoor, dnscat2.

32 thoughts on “About me (Ron)

  1. Reply

    Gregg Keizer

    Ron,

    Apolgies for the name misspelling yesterday. My fault entirely. It's been changed, as you can see...one of the night edits noticed your comment and went into the post to make a correct.

    Send me your contact info -- e-mail at least, phone # too if you don't mind -- for my future ref.

    Thanks much.

    Again, sorry.

    /gregg keizer, computerworld

    1. Reply

      Ron

      Hi Gregg,

      No worries about the name, thanks for fixing it! :)

      I'll send you my info.

      Ron

  2. Reply

    Nong

    Hi Ron
    Can I hire the job for you and I have big money to you also and This job is very easy
    I am waiting your response.
    Thank you

    1. Reply

      Ron

      Hi Nong,

      Thanks for the offer, but I'm not looking for work right now.

      Ron

  3. Reply

    eren yagdiran

    hi ron
    keep on publishing tools ; spoofer is great . nice job!

    1. Reply

      Ron

      Thanks!

  4. Reply

    Nazc4

    Nice website dude ;)

  5. Reply

    jacppe

    Hi Ron, thanks for the information supplied. Is very helpful in my work.
    Jorge

  6. Reply

    Evan

    Hi Ron,

    Remember me?
    Nice blog, I just happend to stumble upon it by chance.

  7. Reply

    Lee

    Hi Ron

    I found this site after following some links for some Nmap research i'm doing. And as it happened i found loads of other useful stuff too.

    Keep up the great work.

    Lee

  8. Reply

    Robb

    Ron,
    Just wanted to give you a heads-up that my engineer, our Chief Geek, is giving you and your website a shout out on our TechWiseTV Security Episode airing live tomorrow at 10 AM PST. Jimmy Ray was really complimentary of your site. Hope you can watch the show or the replay! http://www.cisco.com/offer/atsecurity/192311_26

    Take care,

    Robb
    TechWiseTV
    Cisco

  9. Reply

    akram

    please please please please
    help me to know the password for my girlfriend Facebook account
    and this is the URL:

    http://www.facebook.com/profile.php?id=1036885235

    1. Reply

      Ron Bowes

      I'm going to guess it's the same as the combination on my luggage: 123456

  10. Reply

    akram

    please help me ron

  11. Reply

    akram

    you are my hero

  12. Reply

    akram

    this is her email
    gadoort_2lby_2008@yahoo.com

    i need the password for facebook
    or
    email
    please

  13. Reply

    Greg B

    Ron, great site. greg b from prov who bought you those shakes every now and then....miss having you around to ask about security...cheers Greg

  14. Reply

    Bobby

    Great blog, keep it up! I would like to start my own security blog soon, and you have really awesome resources and information available here. Thanks!

  15. Reply

    daemon

    i happen to see your script of collecting facebook username i want to modify it to get users from a particular country ... please help or else give me a little hint

  16. Reply

    Medeno

    Hi Ron,
    Great work, thank you.
    I have problem, it’s not serious but I want know conversations of my wife Elvedina and Edin Bajramovic. Thanks God we are far away from each other and nothing happened, they wrote each other just couple months.
    His name and e-mail; Edin Bajramovic, e-mail: edy_1977@hotmail.com . Password of his hotmail will be more then welcomed.
    He has facebook is on this name and this e-mail.
    Thank you if you can help.

  17. Reply

    Oskar [ 13E7 ]

    He!!o Ron =D
    Dude, just wanna thank you.
    for all the professional
    tips'n sfuff.
    just found this blog...
    And I had not so good experience aboute hacking.
    And Iv' already learned a lot :D

    Greating's from sweden mate.

  18. Reply

    Josh

    Thank you Ron.
    I am in my second year of a computer science degree and the assembly tutorial on your wiki is absolutely brilliant - you should stick it in a book and sell it.
    If you do release it - even on kindle or free pdf or whatever - let me know :D

  19. Reply

    Hiren A. Pandya

    Hi Ron..
    I m very much interested in security field and currently doing B.Tech in Computer Engineering...

    In future i m thinking about taking the course of SANS. As you specified the course SANS 560, i got interested in the particular course regarding to computer security field in SANS..

    Thank you very much for sharing your knowledge....

  20. Reply

    Artis

    Hi Ron, can you add this to your password list, please http://contest-2010.korelogic.com/wordlists.html

  21. Reply

    TK

    Hello Ron,
    I'm new in network security and I have few questions/problems which I hope You can help me:

    1# How to capture malicious packets incoming on my Windows XP computer and does not affect it with harmful payload.

    And 2# Do You know any open source DHCP client for Windows XP which doesn't rely on netbios service ?

    1. Reply

      Ron Bowes

      Hey TK,

      I do moderate comments, and the email notifications have been broken for months so I didn't realize I had missed any. Sorry. :)

      Ron

  22. Reply

    TK

    Do You filter comments Ron ?
    I send one few days ago and it goes in black hole.

  23. Reply

    wangyun

    Hi Ron, I have met a problem in SAMBA. For some security reason, the new samba release issued a patch in the function "chain_reply" which will do some parameter checking. The checking can block some reply to be chained.

    In my system, the client issued 2 requests in session_setup_andx (both 0x73 and 0x75), with the patch the server replied just 0x73, and then the client issued tree_connect request for the 0x75 and the server replied. The TID item was set to 1 with comments like Tree ID:1 (\\192.168.1.253\IPC$). The later when I tried to open the shared folder on the linux server, I was reminded as "I do not have access to the net". I checked the packages exchanged during the process found that when I tried to open the shared folder, the program still went through the IPC procedure instead of the normal trans2_requests.

    But without the patch the program worked well and the server replied both 0x73 and 0x75 in the session_setup_andx_reply and the TID item was set to 1 without comments, just like Tree ID:1 .

    Please help me about this which already took me 1 week, thanks a lot.

  24. Reply

    TK

    Hello again Ron,

    Is it possible to make exploit based on tcp/ip port exhaustion in Windows (probably in conjunction with svchost and big bandwith usage) - I have attacks on my network and trying resolve problem ?

  25. Reply

    Bill Pollock, No Starch Press

    Just wanted to follow up and say that I'd love to speak with you about book writing.

    Bill Pollock

  26. Reply

    Matt

    Agreed...SANS 560 is awesome

  27. Reply

    Carlos Molina

    Dear Ron,
    My name is Carlos and I am student of master in economics in Colombia. For my thesis, can be excelent if I can get the monthly facebook users by country but they don't want share me the information... I saw that you download information of facebook very easy, so I was guessing if you maybe can help me.

Leave a Reply

Your email address will not be published.