When exploits are blind - Chris Dale

NUUG

Demonstration based presentation. Only intro and outro powerpoint slides. Demonstrate user enumeration using timing attacks. Especially prominent when companies have implemented bcrypt/scrypt/pbkdf#2. Attack vector which is very useful in many cases today, notably against Lync/Skype4B installations today. Further password spray into a solution. Discover, analyze and fully exploit reverse-shell command injection. How to find these across large systems? How dose vulnerability scanners work, and how do they detect this? Introduction to Burp Collaborator. Introduction to script for merging attack data into hundreds of Burp Collaborators. Discover, analyze and fully exploit blind SQL Injection. Demonstrating Burp Intruder cluster bomb attack to enumerate out table data. Recorded at the OWASP Norway Day by NUUG.

lastet opp 10. des. 2018
Nyeste videoer fra NUUG

"Grunnleggende IT-sikkerhet med friheten i behold" med Hans-Petter Fjeld

lastet opp 15. des. 2023

NUUG Meetup 2022-06-07: Free Software for Fabrication

lastet opp 10. juni 2022

NUUG Meetup 2020-12-08: Cory Doctorow - Monopoly, Not Mind Control

lastet opp 16. des. 2020

NUUG Meetup 2020-11-10: Flying rockets with Free Software

lastet opp 11. nov. 2020

NUUG Meetup 2020-10-13: 0G: Escaping the Surveillance Blackhole with Free Mobile Computing

lastet opp 27. okt. 2020
© 2009 - 2024 Foreningen Frikanalen