List:       dailydave
Subject:    [Dailydave] 2 new videos!
From:       Dave Aitel <dave () immunityinc ! com>
Date:       2013-06-20 12:47:25
Message-ID: 51C2F9DD.9000008 () immunityinc ! com


And neither one is about Edward Snowden!!! :>

http://infiltratecon.com/chriseagle.html <--the end of this video is
fixed. It's worth a watch if you weren't at INFILTRATE to see it live.
Often the questions and responses to the questions are the best parts of
any presentation.

http://infiltratecon.com/miguelturner.html <-- In this video Miguel
talks about how he got working mass-Exfiltration from Blind SQLi. This
is important because most of the surviving SQLi's are completely blind.
And while you can quickly build an algorithm to detect them via timing
based attacks, you cannot really USE them for anything without the
techniques shown here.

However, with these techniques, you can efficiently download enough
information from the remote database to analyze the web application
structure, and then proceed from there in our ultimate goal: root on the
box. And my favorite thing about Miguel's talk is that all of it is run
live during the presentation. Instead of a PPT or Prezi, he's running
web pages which link to live WebSiege instances attacking a real app.
All the graphs are generated DURING the presentation. This is code that
works in the wild, on a large scale.

When you go to a technical presentation at INFILTRATE, I want you to
come out slightly more scared than you went in. It's a simple metric.
Miguel's talk fits that metric well.

-dave



_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave

