10:00 AM
to 11:00 AM
Michael Tracy, Chris Rohlf, & Eric Monti: Ruby for Pentesters
54 Attendees
Location
Augustus Ballroom 3-4
Type Testing
Michael Tracy, Chris Rohlf & Eric Monti
Getting up to speed quickly on projects where you're down deep reversing protocols or applications can be challenging at best and catastrophic at worst. In this talk we highlight our use of Ruby to solve the problems we're faced with every day. We use Ruby because it's easy to leverage its flexibility and power for everything from reverse engineering network protocols to fuzzing to static and dynamic analysis, all the way to attacking exotic proprietary enterprise network applications. Having a great set of tools available to meet your needs might be the difference between a successful result for your customer and updating your resume with the details of your former employer.
If you're not familiar with Ruby, we'll lead off by illustrating why Ruby is so powerful, making a case for rapidly prototyping everything from reversing tools to hacked up network clients using our not-so-patented 'bag-o-tricks' approach.
If you're not familiar with Ruby, we'll lead off by illustrating why Ruby is so powerful, making a case for rapidly prototyping everything from reversing tools to hacked up network clients using our not-so-patented 'bag-o-tricks' approach.
Tags Ruby, Audit, Pentesting
11:15 AM
to 12:30 PM
Michael Eddington: Demystifying Fuzzers
68 Attendees
Location
Augustus Ballroom 3-4
Type Testing
Michael Eddington
Fuzzing is an important part of the secure development lifecycle (SDL) and a popular tool for both defensive and offensive security researchers, consultants, and even software developers. With this popularity comes a plethora of fuzzers both open source and commercial. This briefing takes a look at these different fuzzers and provides insights in to "if" and "what" they should be used for. As the developer for Peach, I am often asked to compare various fuzzers and clarify terms tossed around such as Smart and Dumb fuzzing. Additionally the hidden costs and pitfalls will be addressed.
1:45 PM
to 3:00 PM
Eduardo Vela Nava & David Lindsay: Our Favorite XSS Filters and How to Attack Them
77 Attendees
Location
Augustus Ballroom 3-4
Type Testing
Eduardo Vela Nava, David Lindsay
Present several techniques that have been used, are being used, and could be used in the future to bypass, exploit and attack some of the most advanced XSS filters. These would include the new IE8 XSS Filters, browser addons (NoScript), server side IDSs (mod_security, PHP-IDS), and human log-review. We will present innovative techniques that expand the scope of what we think we know about XSS filters. We will give you some ideas on what to do to find your own based upon some real world examples, discoveries, techniques and attacks.
3:15 PM
to 4:30 PM
Stefan Esser: State of the Art Post Exploitation in Hardened PHP Environments
52 Attendees
Location
Augustus Ballroom 3-4
Type Testing
Stefan Esser
When an attacker manages to execute arbitrary PHP code in a web application he nowadays often ends up in hardened PHP environments that not only make use of PHP's internal protections like safemode, openbasedir or disable_functions but also make use of Suhosin and operating system, filesystem or libc level security mechanisms like ASLR, NX, hardened memory managers or unix file permissions. In such a situation taking over the server becomes a challenge and requires PHP shellcode that is able to use local PHP exploits to get around these protections.
This talk will show the problems arising from the different protection mechanisms for PHP shellcode, will give an insight into the internal memory structures of PHP that are required to write stable local exploits and will demonstrate how a special class of vulnerabilities in PHP that also exists in standard functions enables PHP shellcode to get around most of these protections.
This talk will show the problems arising from the different protection mechanisms for PHP shellcode, will give an insight into the internal memory structures of PHP that are required to write stable local exploits and will demonstrate how a special class of vulnerabilities in PHP that also exists in standard functions enables PHP shellcode to get around most of these protections.
4:45 PM
to 6:00 PM
Riley Hassell: Exploiting Rich Content
54 Attendees
Location
Augustus Ballroom 3-4
Type Testing
Riley Hassell
As RIA (Rich Internet Application) technologies flourish onto the marketplace many wonder what impact they will have on the security landscape. Routinely iSEC Partners performs assessments of emerging technologies to better understand their risks and how to remediate these risks in live deployments. As RIA technologies advance vendors move to complex file formats as a solution to deliver rich content. With this in mind iSEC Partners performed an assessment of various file formats used by the popular RIA implementations. During the assessment of these technologies several issues were discovered in the popular technologies. At initial glance these issues may appear harmless. This presentation will demonstrate how these often considered low risk issues can be carefully exploited to have a much deeper impact. Developers should be aware of these common programming mistakes when developing complex file formats, which are especially critical in Rich Internet Applications.
