“I had the privilege to work with Patrick for almost two years. He joined my team 12 months after the group had been formed and was the catalyst for me to create the role of Lead Engineer to manage the technical complexities of multivendor solutions involving Nortel and 3rd party products. In the role, he demonstrated daily his superb technical knowledge, ability to work with 3rd party partners, sales and product managers and still find time to mentor junior team members into becoming more productive contributors. During this time he led the introduction of first-of-kind solutions in the Municipal Wireless space and in Enterprise SIP Security.”
Raleigh, North Carolina, United States
Publications
-
The Right Way To Do Wrong: Physical security secrets of criminals and professionals alike
CackalackyCon & Layer 8
In 1905 Harry Houdini wrote his first book entitled “The Right Way to Do Wrong” wherein he divulged the lockpicking and other trade secrets of criminals. People make assumptions about how schemes work and believe them to be complicated, yet in many cases the insider knows how simple they are. Most people assume that besides tailgating and social engineering, real break-ins (or physical security testing) are all about picking locks. However, the secret is that on physical pentests it’s typically unnecessary to do that! Some physical controls have known bypasses, and some building contractors (or even locksmiths) don't implement things correctly. Just like Houdini, I’ll be divulging the simple tricks of the trade employed by both criminals and professional physical pentesters to bypass physical controls without using lockpicks. You may be shocked and amazed by what you see, and once you leave you'll be an insider too - seeing insecurity everywhere!
-
Interview on Hotel Room Security and Privacy
Shared Security Weekly Blaze w/Tom Eston
"Hotel security has been a hot topic being debated in the cybersecurity and privacy communities ever since the annual DEF CON hacking conference which was recently held in Las Vegas. The conference hotel security staff at Caesars Palace conducted random hotel room searches unbeknownst to conference attendees. This caused a firestorm of criticism from conference goers but also brought attention to how we should all think about the security and privacy of the hotel rooms we stay in. In this episode I want to share with you some helpful tips and advice to increase your security and privacy while staying in a hotel room." - Tom Eston
-
The 3 Ways of DevSecOps – Making Shift Happen
DevOpsMidwest 2018
During the Agile revolution, the wider software development community discovered the benefits of shifting testing left. The primary benefits included reduced schedule risk, higher team confidence and reduced development costs. Additionally, developers have gotten better at writing functional code and fewer things are found late in the cycle. What if we tried the same with security? Would we see the same benefits? Absolutely! Let’s talk about how to make shift happen in your SDLC.
What you will learn:
1. A bit about DevOps and DevSecOps
2. Why shift didn’t happen historically
3. How to make shift happen
4. The benefits of shifting in your workplace
5. Some of the keys to building an effective DevSecOps program
-
Building a Successful Application Security Program
Charlotte Metro ISSA Summit
Application security requires more than testing for vulnerabilities. It requires thoughtful planning. Those who are reducing application risks are approaching AppSec as a program, not a tool. You must consider not just the technology aspect of the initiative, but people and process as well. This presentation will outline the typical application security journey and the elements of building a successful AppSec Program such as:
Determining your organization’s current maturity and appetite for AppSec, Gaining executive buy-in, Training and working with the development team, Creating security awareness around first-party vs open source code, Managing a program, Measuring results. Attend this session and learn: 1. Understanding of fundamental building blocks for a great AppSec program; 2. A simple maturity model to baseline and track progress; 3. The importance of tracking Open Source risk; 4. A strategy to make it all work.
-
All The Sales President's Men (BSidesLV 2017 & DEF CON 25 Skytalks)
Patrick McNeil
As technologists and hackers many of us have skills in intelligence gathering or social engineering, but we might not stop to think about how those same skills are being used against us to influence our purchasing decisions as we evaluate vendors for new projects. Now I know you're thinking, "I can spot that a mile away." No free lunch, vendor party, or booth giveaway is going to sway ME, right? Well, I've got a confession to make - it goes way beyond that. I can be your ally, your advocate, and an asset to your organization. I can also be the secret weapon of the sales team - the guy who speaks both languages - sales and tech.
Let me walk you through what happens behind the scenes during the sales cycle at a typical tech company to influence you into buying from them.
Materials available at: https://github.com/unregistered436/BSidesLV-2017
-
Phone Meets Web
This is a presentation I delivered for OWASP DC in November 2016 and OWASP Atlanta in March 2017. It maps some common telephony security issues and fraud schemes to the relevant OWASP Top 10 2013 issues.
-
DerbyCon V: The Phony Pony: Phreaks Blazed the Way
Patrick McNeil & Owen
See publication URL for abstract. Materials also available at: https://github.com/phreakme/DerbyCon5
This talk is similar to the one Owen and I put together for DEF CON 23, but this time we rolled out a new API and Social Engineering Tool front end script for automating attacks. Phreakme calls a list of numbers, plays a recording, and collects any digits pressed. Some social engineering skill is required to come up with a pretext that would be plausible. Ex: "As of 9 AM we were acquired by BigBoxCo. For security purposes please enter your voicemail pin to hear an announcement from our CEO." Once a voicemail password is collected it's possible to commit some high-dollar voice fraud or use that as a foothold for more in-depth social engineering.
-
DEF CON 23: Sorry, Wrong Number: Mysteries of the Phone System - Past & Present
DEF CON 23
Exploring the phone system was once the new and exciting realm of “phone phreaks,” an ancestor of today’s computer “hackers.” The first phreaks “owned” and explored the vague mysteries of the telephone network for a time until their activities drew too much attention from the phone companies and law enforcement. The phone system evolved, somewhat, in an attempt to shut them out, and phreaking became both difficult and legally dangerous. Such events paralleled a new personal computer “revolution” wherein phone phreaks made the transition from the secret subtleties of telephony to the new and mystical frontier of personal computing. Private BBS(s) and, eventually, the Internet was not only the next logical step forward, but also provided “safer” alternatives that still allowed for the thrill of exploring the mysteries of a new modern age. Telephony, and voice security in general, became, as the years passed, something of a lost art to all but those who remember...
(see full description at: https://www.defcon.org/html/defcon-23/dc-23-speakers.html#McNeil)
-
Phony Business - What Goes Around Comes Back Around (CarolinaCon 11)
Patrick McNeil & Owen
Exploring the phone system was once the new and exciting realm of “phone phreaks,” some of the first “hackers.” When personal computers became more pervasive, however, BBS(s) and, eventually, the Internet shifted the focus of the information and telecommunication security community. Voice security, and telephony in general, has become, over time, something of a mystery - something more akin to voodoo or black magic. Dial plans? The stuff of legend and nightmares.
In this presentation we will attempt to change that perception. Starting with a journey back in time, we will briefly take a look at telephone system evolution and the attacks early systems faced, with our journey ending at today’s "advanced" VoIP systems. Though systems have become more complex, some of the same basic attacks are still prevalent and exploitable. The transition to VoIP has created opportunities for a variety of new attack vectors as well. Come with us on an expedition through time, space, and telephony, as we explain how voice systems are targeted, how they are attacked, and how to defend them with demonstrations and practical tips along the way.
-
DEF CON 22 Skytalks: How To Make Money Fast Using A Pwned PBX
Patrick McNeil
Many people who deploy SIP for voice or video don't understand the potential security risks. As a result, there are lots of vulnerable SIP devices connected to the Internet that are easily compromised due to misconfiguration or lack of simple protections. This is fairly common knowledge within the security community, but what most don't realize is that you can do more than just make free phone calls - like get rich quick! In this somewhat irreverent talk I'll discuss...
How SIP compromises occur and who the primary actors are:
- How did we get here? Why so many vulnerable devices?
- Common discovery and attack methodologies & the weaknesses exploited
- The most common attack tools used, backed up by real world data
- Where most attackers are coming from, again with real data
After a system has been compromised, top ways to make money - how and why they actually work:
- International Revenue Sharing Fraud - calling a high cost destination and splitting the profits
- Toll Bypass - using a PBX local trunk to bypass high per minute rates
- Wangiri & SMS SPAM - missed call or text message to a mobile, return call to high cost destination with profit splitting
- Extortion using a Telephony Denial of Service attack - a quickly rising trend where phone lines are tied up if demands are not met
-
Personal Blog - The Placebo Effects
In my blog I break down the latest newsworthy security vulnerabilities for the average user, in a way that can be easily understood. I eliminate the sensationalist media soundbytes and help people understand whether the fancy logo security issue will really impact them - or how to avoid it.
-
How To Make Money Fast Using A Pwned PBX (CarolinaCon 10)
Patrick McNeil
Many people who deploy SIP for voice or video don't understand the potential security risks. As a result, there are lots of vulnerable SIP devices connected to the Internet that are easily compromised due to misconfiguration or lack of simple protections. This is fairly common knowledge within the security community, but what most don't realize is that you can do more than just make free phone calls - like get rich quick! In this somewhat irreverent talk I'll discuss...
How SIP compromises occur and who the primary actors are:
- How did we get here? Why so many vulnerable devices?
- Common discovery and attack methodologies & the weaknesses exploited
- The most common attack tools used, backed up by real world data
- Where most attackers are coming from, again with real data
After a system has been compromised, top ways to make money - how and why they actually work:
- International Revenue Sharing Fraud - calling a high cost destination and splitting the profits
- Toll Bypass - using a PBX local trunk to bypass high per minute rates
- Wangiri & SMS SPAM - missed call or text message to a mobile, return call to high cost destination with profit splitting
- Extortion using a Telephony Denial of Service attack - a quickly rising trend where phone lines are tied up if demands are not met
-
Phone Phreaking, Hacking and Fraud, Oh My!
Healthy Paranoia via Packet Pushers
-
Telephony Denial of Service Prevention and Response
CFCA-FIINA Joint Event, 2013 Uruguay
Identifying and differentiating between service congestion due to an organic event or a targeted Telephony Denial of Service (TDoS) attack can be difficult. Time spent analyzing the event can complicate or delay an operational team's responsive actions. Mitigation of actual attacks once they are identified can require a multi-faceted response coordinated between service providers, their peers, and enterprise operations teams. No single network component can provide a holistic TDoS prevention solution. The best common practice when mitigating TDoS risk involves the layering of technical controls with policy enforcement points. This session covered the common challenges, tools, technical controls, and policy enforcement methods to best protect communication infrastructure from TDoS.
-
TDoS and Fraud – Detect and stop the latest communications threats
Fierce CIO / Oracle
The Department of Homeland Security recently warned against telephony denial of service (TDoS) attacks that threaten an organization’s IP communications system. TDoS is the latest in a long list of threats and fraud scams specifically targeting communications.
- How do TDoS and other potent threats access and abuse communications systems?
- How are communications networks used to commit fraud?
- Effective steps to secure an enterprise communications network
- Debunking common security myths
-
SIP Zombies Terrorizing Your PBX & How to keep your brains
Patrick McNeil
CFCA Winter Educational Event, 2013 New Orleans
This presentation was delivered at the Communications Fraud Control Association conference in Feb, 2013, and recorded in May, 2013. It does not take sophisticated hacking skills to be successful at “IP PBX hacking”. This presentation included the methods employed by SIP VoIP attackers, honeypot research results, and a real-time demo of how attackers compromise your IP-PBX. One of the keys to fraud prevention is knowledge of the tools and methods employed by your attackers (Note, if using the link, a Webex player is needed).
-
Making UC Secure: A Blueprint for E-SBC Deployments
Oracle - Acme Packet
Enterprises are deploying IP-based unified communications (UC) solutions to increase productivity, improve collaboration, and reduce capital equipment and operating expenses. Conventional IP security products like firewalls and intrusion detection or prevention systems were not designed with real-time communications in mind, and leave organizations vulnerable to security threats.
When introducing UC platforms IT teams must craft new strategies and identify new security solutions to protect and control real-time communications flows. Enterprise session border controllers (E-SBCs) are specifically designed to overcome the unique security challenges enterprises typically encounter when introducing unified communications solutions.
Intended for enterprise IT security professionals, this white paper reviews common unified communications security issues and describes how Acme Packet Enterprise Session Director E-SBCs, working alongside conventional data security solutions, help businesses safeguard IT assets, mitigate financial loss and legal exposure, and maintain high service levels when deploying real-time communications over IP networks.
-
WebRTC Conference & Expo - Panel on Edges and Security
Patrick McNeil
-
NG9-1-1 Security: Testing the Security Capabilities of SBCs
Romain Gallais, Patrick McNeil
-
Enterprise SBC Security: Hype vs. Reality
Patrick McNeil, Allan Konar
-
Acme Packet SBC Security Best Practices
Patrick McNeil
This presentation was delivered at Broadsoft customer conferences in Miami and Denver
- Basics of securing the SBC management environment
- Prevention of reconnaissance scans, enumeration, password guessing, and hash cracking
- DoS/DDoS basics, and specifics for trunking and access architectures
- Response to the most common security incidents
Courses
-
Penetration Testing With Kali Linux
-
Projects
-
sipShield SIP VoIP IPS feature for Acme Packet
I personally developed a SIP IPS feature called "sipShield" that was deployable on the Acme Packet SBC on my own time, written in the Lua subsystem that was exposed for modular plugins. It was the best received product feature of the year when it was introduced at our customer advisory board in 2013 and it is still in use today as part of the Oracle Acme Packet SBC Security Guide. See https://docs.oracle.com/cd/E55742_01/doc/sbc_security.pdf.
-
SIP VoIP Honeypot Research with [Redacted] East Coast University
-
While working at Acme Packet, one of my east coast university customers and I got to talking about SIP honeypots. He had lots of compute resources but little experience with them. I had no compute resources and lots of interest in setting some up to see what we could do. We started a personal project with permission from his university. The university shall remain nameless at their request for "reasons".
Over the course of three years we ran a honeypot connected to both the Internet and Internet 2. The information collected was used as data for Acme Packet fraud protection technologies including the SIPShield SIP IPS that was integrated into their Session Border Controller. Data was also provided to industry telephony fraud forums, and I spoke about our findings at various conferences.
Besides the "normal" attack tools like SIPVicious that were seen every day, one highlight was that I was also able to detect a common server toolset that was generating attacks from various low cost hosting providers. That toolset appeared to be written by someone who was a potential associate of Al Qaeda, likely to generate money to fund terrorism. I provided the tool signatures and known IP addresses to the FBI for investigation.
Languages
-
Spanish
-
Organizations
-
CackalackyCon
Staff
- Present
-
Oak City Locksport
Founding Member / President
- Present
Oak City Locksport is the original Raleigh area lockpicking group, founded in 2010 by Katie (aka "squ33k"), and led today by Patrick (aka "unregistered436 (https://twitter.com/unregistered436)"). While we are not a TOOOL (http://toool.us) chapter, we were fostered by the TOOOL US president Deviant Ollam, and we remain friends to this day. We meet once a month to pick locks, share interesting locks or projects, and have a beer with friends. We've been known to run the Lockpick Village at BSidesRDU and CarolinaCon. https://www.meetup.com/Oak-City-Locksport/
-
BSidesRDU Board Member
CFP Lead
-
Recommendations received
2 people have recommended Patrick