Michael Schrenk 
       Competitive Intelligence Counterintelligence Training & Speaking      In The News      Contact   
In The News
  Show All   Books   Articles   Interviews   Talks   Data Journalism  


 TALK: ARIZONA STATE UNIVERSITY

ARIZONA STATE UNIVERSITY, Oct 2016
"Security: Metadata & Operations Security"

I had the good fortune to address Phil Simon's class on how metadata influences security and data privacy. It also lead to this blog post on metadata related security issues the SAS website.


 TALK: DEFCON XXIII

DEFCON XXIII, Aug 2015
"Applied Intelligence: Using Information That's Not There"

Organizations continue to unknowingly leak trade secrets on the Internet. To those in the know, these leaks are a valuable source of competitive intelligence. This talk describes how the speaker collects competitive intelligence for his own online retail business. Specifically, you learn how he combines, trends, and analyzes information within specific contexts to manufacture useful data that is real, but technically doesn't exist on it's own. For example, you will learn about the trade secrets that are hidden within sequential numbers, how he uses collected intelligence to procure inventory, and how and why he gauges the ongoing health of his industry and that of his competitors. And on a related note, you'll also learn how the federal government nearly exposed an entire generation to identity fraud.


 INTERVIEW: Christian Science Monitor: Passcode

Joe Uchill July 30, 2015
"Michael Schrenk on stealing data your company gives away for free"

In advance of his presentation at the Def Con conference in Las Vegas, Passcode spoke with Schrenk about the insider information he's paid to glean from the open Internet – and how companies can better protect themselves from having their inside plans exposed or used against them by competitors.
 
"To find out a company's trade secrets, you hire Michael Schrenk."
--The Christian Science Monitor, July 30, 2015


 TALK: DEFCON XXII

DEFCON XXII, Aug 2014
"You're Leaking Trade Secrets"

 
Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.


 BOOK SIGNING: BlackHat 2014

BlackHat 2014 August, 2014

 
It was great meeting new and old readers at my two book signings at the BlackHat 2014 security conference at Mandalay Bay in Las Vegas.

 


 INTERVIEW: Cyveillance

DEFCON Teaser, Jun 2011
"Leaking Trade Secrets: A Conversation with Michael Schrenk" This interview was a lead-in to my talk at DEFCON XXII.
 


 KEYNOTE: SECURE COMPUTING FORUM, DUBLIN IRELAND

Secure Computing Forum, Dublin Ireland, March 13, 2014
"Leaking Trade Secrets: A Conversation with Michael Schrenk"
Online Privacy for Organizations.
 


 TALK: DEFCON XXI

DEFCON XXI, Aug 2012
"How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers"

 
This is the true story of a botnet that created a competitive advantage for a car dealership. This dealership found a website that offered returned lease vehicles—great cars for their inventory—but bad web design and heavy competition from other automotive dealerships made the website useless. In response, a botnet was developed to make automotive purchases with machine precision. With the bot, they could acquire any cars they wanted, without interference from competing dealerships. During its one-year life, this botnet autonomously acquired many millions of dollars in cars. Along the way, it successfully adjusted to competition from a similar bot developed by Russian hackers while maintaining a sufficiently low profile to "stay below the radar" of everyone involved.
 


 INTERVIEW: LAS VEGAS GRIT

Las Vegas Grit Television Pilot, Jan 2013
"Grit Welcomes Michael Schrenk"
Las Vegas Grit is a pilot for a Las Vegas based television talk show. In my appearance, I talk about hacking, writing, future projects and living in Las Vegas.


 ARTICLE: LINUX MAGAZINE

Linux Pro Magazine, Dec 2012 (Cover Story)
"Build a Botnet, Playing nice with Internet Attack Techniques"
This is an article about the constructive things that can be done with destructive technologies. Most people associate botnets with nefarious activities like denial of service attacks on websites or identity fraud. I, on the other hand, associate botnets with the one I developed that autonomously purchased millions of dollars worth of automobiles.
 


 TALK: LAS VEGAS WRITER'S GROUP

Las Vegas Writer's Group, Jun 2012
"Promote Your Career by Writing Non-Fiction"
Michael Schrenk describes how writing non-fiction can advance your a career.
 
The primary focus on the talk was that the more transparency the writer has with the audience, the better the work. In other words, you'll be more successful when your personal reason for writing is in alignment with the topic.
 


 BOOK: NO STARCH PRESS 2ND EDITION (SAN FRANCISCO)

No Starch Press (San Francisco), Apr 2012
"Webbots, Spiders, and Screen Scrapers, 2nd Edition"
The second edition of this book is a major update of the first edition.
New Chapters include:
  Advanced Parsing Techniques
  Scraping Difficult Sites with Browser Macros
  Advanced iMacros Techniques
  Proxies
  Deployment and Scaling

 


 INTERVIEW: SOL LEDERMAN

Sol Lederman, Apr 2012
"Federated Search Blog"
I was interviewed by Sol Lederman on my upcoming book. The entire interview can be heard here: Listen to Mike Schrenk interviewed by Sol Lederman
 


 TALK: O'REILLY WEB CAST

O'Reilly Web Cast, Mar 2012
"Webbots, Spiders, and Screen Scrapers"
This one-hour web cast was in anticipation of my upcoming book of the same title. There were over 600 attendees in the live audience.
 


 INTERVIEW: BBC WORLD SERVICE

BBC World Service, London UK, Aug 2011
"The DEFCON Hacker's Conference"
This was the second of two interviews I did in one day for The British Broadcasting Corporation. This one was conducted live and for BBC World Service (radio).
 


 INTERVIEW: BBC WORLD SERVICE

BBC Radio, London UK, Aug 2011
"The DEFCON Hacker's Conference"
This was recorded interview conducted by BBC Radio in London.
 


 INTERVIEW: SOUTHERN CALIFORNIA PUBLIC RADIO (KPCC 89.3 FM)

Southern California Public Radio (KPCC 89.3 FM), Aug 2011
"The integrity of Software Developers"
I was part of a live panel discussion, where we discussed the integrity of so-called security providers and software developers.
 


 INTERVIEW: ELISABETTA TOLA, BOLOGNA ITALY

Elisabetta Tola, Bologna Italy, Oct 2010
"Innovation in Data-Driven Journalism"
This was a recorded interview I did with Elisabetta Tola, that was later translated into Italian for broadcast in Bologna Italy.
 


 TALK: BBC TELEVISION

BBC Television, London UK, Oct 2010
"The Hidden Internet"
A lecture to the BBC Digital Media Group on less known ways of conducting Data-Based Journalism.
 


 TALK: CENTRE FOR INVESTIGATIVE JOURNALISM, LONDON UK

Centre for Investigative Journalism--City College, London UK, Oct 2010
"The Web Investigator"
A two-day lecture on unconventional ways to conduct online research.
 


 TALK: DEFCON XVII, LAS VEGAS NV

DEFCON XVII, Las Vegas NV, Aug 2010
"Screen Scraper Tricks, Difficult Cases"
Screen scrapers and data mining bots often encounter problems when extracting data from modern websites. Obstacles like AJAX discourage many bot writers from completing screen scraping projects. The good news is that you can overcome most challenges if you learn a few tricks. This session describes the (sometimes mind numbing) roadblocks that can come between you and your ability to apply a screen scraper to a website. You'll discover simple techniques for extracting data from websites that freely employ DHTML, AJAX, complex cookie management as well as other techniques. Additionally, you will also learn how "agencies" create large scale CAPTCHA solutions. All the tools discussed in this talk are available for free, offer complete customization and run on multiple platforms.
    Quoted from the DEFCON XV program
You can watch Michael Schrenk's DEFCON 17 talk here.
 


 DATA JOURNALISM: CENTRE FOR INVESTIGATIVE JOURNALISM, LONDON UK

Centre for Investigative Journalism--City College, London UK, Jul 2010
"The Web Investigator"
A two-day lecture on unconventional ways to conduct online research.
 


 TALK: OWASP LOS ANGELES CHAPTER

OWASP Los Angeles Chapter, Mar 2010
"Creating Competitive Advantages with Webbots"
I was the featured speaker at this Los Angeles Chapter meeting of the OWASP
 


 DATA JOURNALISM: OLA SAMZELLAS ANNONSBILAGA SOM MEDFȏLJER JOURNALISTEN SWEDEN

Ola Samzellas Annonsbilaga Som Medfȏljer Journalisten Sweden, Feb 2010
"Lär Journalister Att Tänak Som Datahackare"


 DATA JOURNALISM: VVOJ UTRICH THE NETHERLANDS

VVOJ Utrich, The Netherlands, Nov 2009
"The European Investigative Journalism Conference"
I presented a series of lectures on unconventional ways to conduct online research.


 DATA JOURNALISM: CENTRE FOR INVESTIGATIVE JOURNALISM, LONDON UK

Centre for Investigative Journalism--City College, London UK, Jul 2009
"Summer School 2009"
I presented a series of lectures on unconventional ways to conduct online research For The Centre for Investigative Journalism at City College, London.


 DATA JOURNALISM: VVOJ BRUSSELS BELGIUM

VVOJ, Brussels Belgium, Nov 2008
"The European Investigative Journalism Conference"
A series of lectures on unconventional ways to conduct online research.


 TALK: PRIVATE EVENT, ZURICH SWITZERLAND

Private Corporate Event, Zurich, Switzerland, Jul 2008 "Online Project Tracking"
Presented the plans and current status of a custom project tracking software use to track resources applied to projects and to calculate bonuses.
 


 INTERVIEW: SENTEO GmBH, MOSCOW RUSSIAN FEDERATION

Senteo GmBH, Moscow Russian Federation, Spring 2008
In 2007 and 2008, I did a lot of work for Senteo, a company that consults to banks on creating customer experience. Most of the clients are banks in Eastern Europe.


 TALK: PRIVATE EVENT, SHARM EL SHIEKH EGYPT

Private Corporate Event, Sharm el Shiekh Egypt, Apr 2008
"Into the Cloud"
Lectured on the benefits of moving corporate reporting and documentation from Excel spreadsheets and FTP servers to web accessible cloud-based services. I shared the stage with author Joseph Pine ("The Experience Economy")
 


 TALK: PRIVATE EVENT, CASA BLANCA MOROCCO

Private Corporate Event, Casa Blanca Morocco, Sep 2008 "Online Techniques for Distributed Organizations"
I presented on several techniques for organizations to connect with a distributed workforce.


 TALK: DEFCON XV, LAS VEGAS NV

DEFCON XV, Las Vegas NV, Aug 2007 "The Executable Image Exploit"
The "Executable Image Exploit" lets you insert a dynamic program into any community website that allows references to off-domain images; like MySpace or eBay. By uploading the following line of HTML to a community website, <img src="http://www.mydomain. com/executable.jpg"> you can launch a dynamic program that masquerades as a static image and capable of reading and writing cookies, analyzing referrer (and other browser) variables and access databases. It is even possible to create an image the causes a browser to execute JavaScript.     Quote from the DEFCON XV program
This lecture described how to disguise computer programs as online images that may be used to gather specific metrics. I also talked about how these methods were used to help a Private Investigator track an online stalker.
You can watch Michael Schrenk's DEFCON 15 talk here.


 ARTICLE: PHP|ARCHITECT

PHP|Architect, Jul 2007 (Cover Story)
"Webbots and Spiders, An Insider's Guide"
Just after my first book was published, I wrote another introduction to writing webbots with PHP and cURL. The article explains the basics of writing automated web agents by solving a common business problem with a ShopperBot.
 


 BOOK: NO STARCH PRESS 1ST EDITION (SAN FRANCISCO)

No Starch Press (San Francisco), Mar 2007
"Webbots, Spiders, and Screen Scrapers, 1st Edition"
This is the first book dedicated to all aspects of automating online tasks.



 TALK: DCPHP, WASHINGTON DC

DCPHP, Washington DC, Oct 2006
"Developing Webbots with PHP"
This presentation highlighted the benefits of writing webbots in PHP/CURL. In addition to explaining how to capitalize on flaws in the current client/server model used by the web, attention was paid to methods for downloading and parsing media.
 
I was very proud that I went on directly after Rasmus Lerdorf, who got the PHP project off the ground in 1995.


 TALK: DEFCON XI, LAS VEGAS NV

DEFCON XI, Las Vegas NV, Aug 2003
"Online Corporate Intelligence"
In this presentation, I enlarged on the previous year's pretension to show how automation can improve Corporate Competitive Intelligence.
 
Follow the link for details on Michael Schrenk's DEFCON XI Talk


 TALK: DEFCON X, LAS VEGAS NV

DEFCON X, Las Vegas NV, Aug 2002
"An Introduction to Writing Webbots and Spiders"
You can have a lot of fun with the Internet by ditching your browser in favor of writing special purpose programs that look for or do very specific things on the Internet. This session will equip you with techniques to extract and interact with data from web sites without a browser, parse and filter data, follow links, deal with encryption and passwords, and manage terabytes of information. You'll also learn why writing these programs is a useful activity, and walk away with ideas and abilities to write useful spiders or web agents of your own design.
    From the DEFCON X program
Follow the link for more information on Michael Schrenk's DEFCON 10 Talk.
 


 ARTICLE: WEB TECHNIQUES MAGAZINE

Web Techniques Magazine, Mar 2000 (Cover Story)
"Writing Intelligent Web Agents"
This article describes methods for designing and writing intelligent web agent software, which use information available on the Internet in some very "non-browser-like" ways. (now maintained by Dr. Dobbs).
 
This was only the second article I had written and sold. After I got paid, I drove down to REI and bought two 9' kayaks and a roof-top rack for my (cool at the time) Dodge Colt Vista.
 


 ARTICLE: COMPUTER WORLD MAGAZINE

Computer World Magazine, Aug 1997
"Fear and Hacking in Las Vegas"
Back in the '90s, I pioneered ways to transmit heart biometrics to physicians over the Internet via a standard browser and simple hardware. Because of the requirements of the medical industry, I became very interested in online security. At the same time, I became frustrated with the data security education available at the time. During this time I discovered that the hacker community was by far the best place to learn about security (it still is). I wanted to attend DEFCON 5, the world's largest hacker convention, but didn't want to offend the extremely conservative consulting firm that employed me. I found the solution to my problem by covering the story for Computer World Magazine. In the process, I got to work with a big-time photographer, Susan Werner, and had a great introduction to writing. (This was my first paying writing gig.) The article is no longer on the Computer World website, but you can read the archive of Fear and Hacking in Las Vegas on the DEFCON website.
 Competitive
 Intelligence
You have a responsibility to know as much as possible about your competition and markets.
 Counter-
 Intelligence
How much information are you giving your competition? Do you have Organizational Privacy policies?
 Training &
 Speaking
Well informed employees are your only true path to Organizational Privacy.
 Online
 Automation
Many online processes can be automated for efficiency and cost savings.
Copyright Michael Schrenk 2024, all rights reserved.
  DEF CON TALKS
DEF CON 23: Applied Intelligence: Using information that's not there
DEF CON 22: You're leaking trade secrets
DEF CON 21: How my BotNet purchased Millions of Dollars in Cars...
DEF CON 17: Screen Scraper Tricks: Difficult Cases
DEF CON 15: The Fabulous Executable Image Exploit
DEF CON 11: Online Corporate Intelligence
DEF CON 10: An Introduction to Writing Webbots and Spiders
DEF CON 5: Computer World: Fear and hacking in Las Vegas
  Organizational Privacy
Keynote: Secure Computing Forum, Dublin Ireland
Data Jounralism
Web Development
Bot Detector