SAMAEL (Secure, Anonymous, Megalomaniacal, Autonomous, Encrypting Linux) and NARC (Network Analysis Reporting Console)

Presented at DEF CON 14 (2006), Aug. 5, 2006, noon (50 minutes)

From the 1337 hax0rs that brought you Anonym.OS, kaos.theory/security.research presents SAMAEL (Secure, Anonymous, Megalomaniacal, Autonomous, Encrypting Linux), the natural evolution of our secure, automagicically anonymizing operating system, Anonym.OS into a kick-ass anonymizing server! When kaos.theory released the Anonym.OS at ShmooCon in January of this year, we received many requests for features we had already planned to implement: media players, smaller distribution size, office suites, better speed, USB functionality, etc. "Sure," we collectively replied, "we'll get right on that." But we didn't. We tried, but we realized that maintenance releases aren't 1337. Instead, we're back to release SAMAEL, a blackbox gateway that creates -- in a few simple steps -- a secure, anonymizing, transparent firewall and proxy server, protecting its users' love of sex, drugs, and rock and roll from embarrassing public disclosure (even better than the Kennedys). Making use of Gentoo, Transocks, Tor, and sweet, sweet Python, SAMAEL provides all of the services expected in a modern Linux firewall, including DHCP, a Captive Portal, and Web-Based Administration! The guiding principle of Anonym.OS and its derivative projects has remained "Anonymity for Everyone;" kaos.theory's SAMAEL takes that motto to the next level. But there's one more thing. And it doesn't involve sweatshop labor or black turtlenecks. Getting useful, attractive reports out of scanning tools is a bitch. People pay vendors thousands just for some slick charts and graphs. Why? Because SQL is hard for a boot-camp MCSE. So get your 'Security for Dummies' books and your free Nessus downloads ready, folks, because we've got scripts and queries all packaged up as pretty as your mom on a Friday night. kaos.theory's newest member, jonathan white, joins atlas and crew to introduce NARC, the Network Analysis Reporting Console. In its initial release, NARC can utilize output from common security tools like Nessus, Paros, and NMap to populate a database via automated scripts for reporting purposes. Version 0.DC14 also includes rudimentary reporting capabilities.


  • Taylor Banks / dr.kaos - Founder   as dr.kaos (aka Taylor Banks)
    Across the past 9 years, Taylor Banks (aka dr.kaos) has written and delivered training and provided security consultation to thousands of security engineers, architects, managers and executives from hundreds of organizations including Bristol-Myers Squibb, Ernst and Young, FedEx, IBM Global Services, PricewaterhouseCoopers, and VeriSign as well as the US Department of Defense, Federal Bureau of Investigation, the US Marine Corps Computer Emergency Response Team (MARCERT) and the National Security Agency. Prior to 1997, he worked as a network and security consultant for Benedict College, the Environmental Policy Center, Georgia Institute of Technology, Georgia State University, Sodexho Marriott, and SunTrust Equitable Securities. Taylor currently manages the Southeast Systems Engineering group at Caymas Systems. Taylor holds his CISSP and has been certified by CheckPoint, ISECOM, ISS, NAI, Nokia and VeriSign. He is a contributor to the EFF and a member of Usenix, SAGE, ISSA and ISACA as well as an active participant in, and contributor to, numerous open security forums and user groups. He is the organizer for the Defcon Atlanta Group, the founder of kaos.theory/security.research, and has presented at Defcon, ShmooCon, InterZone, LayerOne and numerous ISSA, ISACA and Infragard events.
  • Kevin Miller / digunix as digunix (aka Kevin Miller)
    Kevin Miller (aka digunix) is one of the founding members of the DC404 group. Having recently moved back to Atlanta, he can be found near many a public access point with tools in hand. He needs a job BAD. Hook his ass up or he will make you his bitch. GO VEGAN!!
  • Beth Milliken / beth as beth (aka Beth Milliken)
    Beth Milliken pokes at computers for fun and profit, Beth has been sleeping lately in the wet spot where technology, ethics, and legal issues run together. She is very interested in educating people about protecting themselves on line - from not-so-nice people, as well as not-so-nice legislation. She works in a large building with lots of glass windows and foamy cube-walls. Beth has pieces of paper saying she is certifiable regarding certain bodies of knowledge, but swears she has no knowledge of where the bodies are.
  • Gavin Mead / atlas as atlas (aka Gavin Mead)
    Gavin Mead (aka atlas) is the product of a misspent youth hunched over the comforting glow of a green-and-black CRT. As monitor technology evolved, so did Gavin's interests in computer and network security, specifically in enterprise risk management frameworks and data privacy protection, leading him to the seedy underworld of security consulting where he met the the rest of the kaos.theory crew. Gavin currently works for KPMG's Security, Privacy, and Continuity practice out of Atlanta, performing penetration testing, risk assessment, framework alignment, and policy development engagements. Gavin holds a B.S. from Georgia Tech and participates actively in local security group meetings and public forums.
  • Adam Bregenzer / arcon as arcon (aka Adam Bregenzer)
    Adam Bregenzer (aka arcon) has been working in the IT industry for the last 12 years. Founder of SuperLight Industries, he's a security professional who has gained recognition on the web for websites such as and He resides in Atlanta with his beautiful wife, Lydia.