mailing list archives
2 new videos!
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 20 Jun 2013 08:47:25 -0400
And neither one is about Edward Snowden!!! :>
http://infiltratecon.com/chriseagle.html <--the end of this video is
fixed. It's worth a watch if you weren't at INFILTRATE to see it live.
Often the questions and responses to the questions are the best parts of
http://infiltratecon.com/miguelturner.html <-- In this video Miguel
talks about how he got working mass-Exfiltration from Blind SQLi. This
is important because most of the surviving SQLi's are completely blind.
And while you can quickly build an algorithm to detect them via timing
based attacks, you cannot really USE them for anything without the
techniques shown here.
However, with these techniques, you can efficiently download enough
information from the remote database to analyze the web application
structure, and then proceed from there in our ultimate goal: root on the
box. And my favorite thing about Miguel's talk is that all of it is run
live during the presentation. Instead of a PPT or Prezi, he's running
web pages which link to live WebSiege instances attacking a real app.
All the graphs are generated DURING the presentation. This is code that
works in the wild, on a large scale.
When you got to a technical presentation at INFILTRATE, I want you to
come out slightly more scared than you went in. It's a simple metric.
Miguel's talk fits that metric well.
Description: OpenPGP digital signature
Dailydave mailing list
Dailydave () lists immunityinc com
- 2 new videos! Dave Aitel (Jun 20)