Talks
your contributions, today
Keynoting 0xcon in Johannesburg this year, I had the immense privilege of talking and sharing ideas about something that is dear to my heart. That is, giving back more than you take. And by giving back I don’t mean *just* doing research or writing tools. Instead, giving back includes things like writing documentation or even just teaching someone else! In my talk, “your contributions, today” I reflected on a current view of practical security research and contributions in a time of ever-increasing systems complexity, abstractions and Instagram reels. By drawing parallels to the “Free-rider Problem” as described in an economics context, I argued that as an industry we need to caution against this phenomenon manifesting by actively making contributions.
Why defend harder won’t work in the long run and what to do instead – arrest criminals
The whole of information/cyber security is founded on the idea that we can defend ourselves into security. But in the history of competitive endeavours nobody has won by playing defence alone. We have this idea that we can wrap our users and systems in enough padding to protect them in a world where guns exist. We’ve leaned so hard into this idea that we’re on the floor and it’s time to look up.
Dress Code – The Talk
TL;DR This post is a summary of the contents of my talk in Defcon 31 AppSec Village last August 2023, and part of what I will explain in Canada at the SecTor conference on the 24th of October 2023 at 4:00 PM.
There are two (big) blocks in this post. Sorry for the length <(_ _)>:
The first part is about the not so well-known CSP bypasses that I found during this research. These can be of use in your next pentest, bug bounty, etc. Have a look at the 8 third-party domains that can be abused to bypass a strict policy to execute that sweet Cross-Site Scripting (XSS) or clickjacking proof of concept that was initially being blocked. The second part takes a step back and delves into the process of getting Content-Securiy-Policy (CSP) data from top 1 million sites and the conclusions I draw from it. After reading this part you will get a sense of how widespread and well-implemented CSP is across the Internet. You will also learn the common pitfalls people fall into when implementing the policy. The tool I wrote to scan and collect this information and review the results can be found in https://github.com/sensepost/dresscode Index Context Bypasses Lab Environment Hotjar Facebook JSDelivr Amazon AWS Cloudfront, Azure, Heroku, Firebase CSP Health Status The Architecture Dashboard – CSP Health Status Conclusions Context Last year I was working on a web application assessment, one of these assessments that are repeated every year in which the analyst has to face a hardened application. Therefore, every year, the report gets smaller and smaller when we look at the number of vulnerabilities.
blackhat_defcon_virtual_vegas_2021.zip
Phew! This year’s hacker summer camp is packed with presentations from several hackers across the globe at Orange Cyberdefense. I can’t possibly go into all of the many details, but hope to give a somewhat compressed view of the highlights!
This year we have a total of 10 representations. Four of those are DEF CON 29 talks, where two are main stage talks, one a demo labs talk and one a radio frequency village talk. On the training side of things, we’re delivering five courses at BlackHat USA 21, and one course at Ringzer0. I’ve been fortunate enough to see the behind the scenes preparation that goes into these and can’t wait for the world to see and experience them too!
Routopsy – Hacking Routing with Routers
This is a summary of our BlackHat USA 2020 talk.
Introduction On some of our engagements, Szymon and I found ourselves on various networks vulnerable to; insecure, misconfigured, and often overlooked networking protocols. These included dynamic routing protocols (referred to as DRP‘s) and first hop redundancy protocols (referred to as FHRP‘s). We decided to focus on these two classes of networking protocols to manipulate traffic flows and identify non-conventional ways of performing Person-in-the-Middle (PitM) attacks. This post details the results of that research and the tool we wrote to explore this attack surface. The tool is called Routopsy and is available on Github.
Page 1 of 1