About Me
Libertyunix is currently a red team professional & professor researching cyber and information security. His research has explored topics such as digital forensics, red team penetration testing, deep learning, IoT, and software defined radio. His graduate research thesis demonstrated the effects physical security systems can play in penetration testing and security assessments.
Contact me
Presented Research
BSIDES Philly 2016 - Where Do I Start?
With breaches dominating the headlines, businesses are quickly starting to realize the critical nature of information security. What makes information security so difficult to manage is the fact that an organization can invest endless amounts of money into the 101 solutions that exist and still be pwned with a single email. At the end of the day organizations don’t understand InfoSec and how to properly train employees. Security awareness training is one of three things for most organizations:
- Stale PowerPoint that teach employees nothing about information security
- A checkbox on an audit form
- Something they have never heard of
My current position as landed me various interactions with businesses that are outside the traditional “audit” spectrum of InfoSec. Simply put for the past 10 years organizations have only incorporate some level of InfoSec into the business because they “had to.” The times haves changed as organizations are starting to adopt security because the “need to/want to.” Problem being “Where do I start?” Pulling from past experience as a physical security engineer and penetration tester this talk will discuss various concepts of SE, how organizations can improve their security by properly training employees and how I am currently trying to bring security to organizations via their culture instead of one two hour talk employees only hear once a year if at all.
Talk: (https://www.irongeek.com/i.php?page=videos/bsidesphilly2016/cj07-where-do-i-start-charles-sgrillo-ii)
BSIDES Philly 2017 & WOPR SUMMIT - Introduction to IoT Penetration Testing
IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The security of these devices is critical as more of these insecure devices come to market. As professional we need to have an idea how these devices effect our organization. In this talk we will explore the basic principles of IoT PenTesting, how to build an effective toolset, reverse engineering, and analyzing wireless signals with SRD.
Talk: (https://www.irongeek.com/i.php?page=videos/bsidesphilly2017/bsidesphilly-cg04-iot-devices-are-one-of-the-biggest-challenges-charles-libertyunix-sgrillo)
BSIDES Delaware & PumpCon - Exploiting IoT - An Introduction to BLE
BLE is one of the most common wireless protocols used in IoT devices today. This talk will follow the BLE protocol and apply a 4 phases approach to assessing the security of these devices: Reconnaissance, Sniffing and Capturing, Extracting Sensitive Data, and Exploitation. This talk will demo exploits of IoT devices and walk attendees through the tools and processes to testing similar devices and creating their own CTF to practice on.
Talk: https://www.youtube.com/watch?v=gqlXdqeIVGo