SlideShare a Scribd company logo

A tale of two proxies

Download as PPT, PDF
SensePost
SensePost

Presentation by Haroon Meer, Roelof Tammingh at black hat USA in 2006. This presentation is about Suru, the inline proxy tool developed by Roelof Tammingh. How it works and some of it's features are discussed.

Technology
1 of 32
 
[object Object],Introduction
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Why *another* proxy??
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],… it didn’t happen in one day
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],So…how DOES it work?
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],And what about the content compare?
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],And what about the content compare?
[object Object],So…how DOES it work?
[object Object],[object Object],So…how DOES it work?
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Why Wikto sucks
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Why Wikto sucks
Recon demo
[object Object],[object Object],[object Object],[object Object],Fuzzing with Suru
[object Object],Fuzzing with Suru
[object Object],[object Object],[object Object],Fuzzing with Suru (Demo)
[object Object],[object Object],[object Object],[object Object],[object Object],Other reasons why Suru is nice
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Other reasons why Suru is nice
And now for something completely different.. ,[object Object],[object Object],[object Object],[object Object],I have no future in sales or marketing..
What is it? ,[object Object],[object Object],[object Object],[object Object],[object Object],Why ? ,[object Object],[object Object],[object Object],[object Object]
What about … ,[object Object],[object Object],[object Object],[object Object],[object Object],The goal.. ,[object Object],[object Object],[object Object],[object Object]
How it currently works.. ,[object Object],[object Object],[object Object],[object Object],[object Object]
A brief interlude.. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Scapy simpleness
So… SP_LR simply does… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Visio of payload increase + seq number
But hold on.. This is classic mitm ,[object Object],[object Object],[object Object],[object Object],[object Object]
Since we are inline… ,[object Object],[object Object],[object Object],[object Object]
And obviously header modification is trivial.. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Other Uses.. ,[object Object],[object Object],[object Object],What it needs? ,[object Object],[object Object],[object Object],[object Object]
Window 0 and int3 ,[object Object],[object Object],[object Object],[object Object]
So… ,[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Conclusion

Recommended

Introduce Django
Introduce DjangoIntroduce Django
Introduce DjangoChui-Wen Chiu
 
Advanced I/O in browser
Advanced I/O in browserAdvanced I/O in browser
Advanced I/O in browserEugene Lazutkin
 
All of javascript
All of javascriptAll of javascript
All of javascriptTogakangaroo
 
Everything is Permitted: Extending Built-ins
Everything is Permitted: Extending Built-insEverything is Permitted: Extending Built-ins
Everything is Permitted: Extending Built-insAndrew Dupont
 
All of Javascript
All of JavascriptAll of Javascript
All of JavascriptTogakangaroo
 
Why using finalizers is a bad idea
Why using finalizers is a bad ideaWhy using finalizers is a bad idea
Why using finalizers is a bad ideaPVS-Studio
 
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...EnlightenmentProject
 
Extreme Swift
Extreme SwiftExtreme Swift
Extreme SwiftMovel
 

Recommended

Introduce Django
Introduce DjangoIntroduce Django
Introduce DjangoChui-Wen Chiu
 
Advanced I/O in browser
Advanced I/O in browserAdvanced I/O in browser
Advanced I/O in browserEugene Lazutkin
 
All of javascript
All of javascriptAll of javascript
All of javascriptTogakangaroo
 
Everything is Permitted: Extending Built-ins
Everything is Permitted: Extending Built-insEverything is Permitted: Extending Built-ins
Everything is Permitted: Extending Built-insAndrew Dupont
 
All of Javascript
All of JavascriptAll of Javascript
All of JavascriptTogakangaroo
 
Why using finalizers is a bad idea
Why using finalizers is a bad ideaWhy using finalizers is a bad idea
Why using finalizers is a bad ideaPVS-Studio
 
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...EnlightenmentProject
 
Extreme Swift
Extreme SwiftExtreme Swift
Extreme SwiftMovel
 
Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse YourselfNorberto Leite
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetUISGCON
 
Hack x crack_scapy2
Hack x crack_scapy2Hack x crack_scapy2
Hack x crack_scapy2Diego Caceres
 
Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filtersMohamed Gamel
 
The jar of joy
The jar of joyThe jar of joy
The jar of joySensePost
 
PenTest using Python By Purna Chander
PenTest using Python By Purna ChanderPenTest using Python By Purna Chander
PenTest using Python By Purna Chandernforceit
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazineSamy Ummy
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Patil
 
DefCon 2012 - Bluetooth Monitoring With SCAPY
DefCon 2012 - Bluetooth Monitoring With SCAPYDefCon 2012 - Bluetooth Monitoring With SCAPY
DefCon 2012 - Bluetooth Monitoring With SCAPYMichael Smith
 
Hallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginEC-Council
 
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redScapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redDavid Cristóbal
 
Scapy
ScapyScapy
ScapyMohamed Gamel
 
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomezffranz
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigationsMukesh Chaudhari
 
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksThe (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksTalal Alharbi
 
Fun with TCP Packets
Fun with TCP PacketsFun with TCP Packets
Fun with TCP PacketsSecurity B-Sides
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad Nehme
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginEC-Council
 
Python begin
Python beginPython begin
Python beginashigirl ZareGoto
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a countryTiago Henriques
 
Walter api
Walter apiWalter api
Walter apiNicholas Schiller
 
Beyond the Basics, Debugging with Firebug and Web Inspector
Beyond the Basics, Debugging with Firebug and Web InspectorBeyond the Basics, Debugging with Firebug and Web Inspector
Beyond the Basics, Debugging with Firebug and Web InspectorSteven Roussey
 

More Related Content

Viewers also liked

Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetUISGCON
 
Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filtersMohamed Gamel
 
The jar of joy
The jar of joyThe jar of joy
The jar of joySensePost
 
PenTest using Python By Purna Chander
PenTest using Python By Purna ChanderPenTest using Python By Purna Chander
PenTest using Python By Purna Chandernforceit
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazineSamy Ummy
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Patil
 
DefCon 2012 - Bluetooth Monitoring With SCAPY
DefCon 2012 - Bluetooth Monitoring With SCAPYDefCon 2012 - Bluetooth Monitoring With SCAPY
DefCon 2012 - Bluetooth Monitoring With SCAPYMichael Smith
 
Hallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginEC-Council
 
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redScapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redDavid Cristóbal
 
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomezffranz
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigationsMukesh Chaudhari
 
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksThe (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksTalal Alharbi
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad Nehme
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginEC-Council
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a countryTiago Henriques
 

Viewers also liked (20)

Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse Yourself
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
 
Hack x crack_scapy2
Hack x crack_scapy2Hack x crack_scapy2
Hack x crack_scapy2
 
Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filters
 
The jar of joy
The jar of joyThe jar of joy
The jar of joy
 
PenTest using Python By Purna Chander
PenTest using Python By Purna ChanderPenTest using Python By Purna Chander
PenTest using Python By Purna Chander
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazine
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresher
 
DefCon 2012 - Bluetooth Monitoring With SCAPY
DefCon 2012 - Bluetooth Monitoring With SCAPYDefCon 2012 - Bluetooth Monitoring With SCAPY
DefCon 2012 - Bluetooth Monitoring With SCAPY
 
Hallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul Coggin
 
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redScapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de red
 
Scapy
ScapyScapy
Scapy
 
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
 
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksThe (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined Networks
 
Fun with TCP Packets
Fun with TCP PacketsFun with TCP Packets
Fun with TCP Packets
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - Report
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul Coggin
 
Python begin
Python beginPython begin
Python begin
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
 

Similar to A tale of two proxies

Beyond the Basics, Debugging with Firebug and Web Inspector
Beyond the Basics, Debugging with Firebug and Web InspectorBeyond the Basics, Debugging with Firebug and Web Inspector
Beyond the Basics, Debugging with Firebug and Web InspectorSteven Roussey
 
Spring Cloud Gateway - Nate Schutta
Spring Cloud Gateway - Nate SchuttaSpring Cloud Gateway - Nate Schutta
Spring Cloud Gateway - Nate SchuttaVMware Tanzu
 
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingPART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingFastBit Embedded Brain Academy
 
No Hugging, No Learning
No Hugging, No LearningNo Hugging, No Learning
No Hugging, No LearningOlaf Alders
 
Workshop - The Little Pattern That Could.pdf
Workshop - The Little Pattern That Could.pdfWorkshop - The Little Pattern That Could.pdf
Workshop - The Little Pattern That Could.pdfTobiasGoeschel
 
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingJava Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingTal Melamed
 
Python in the land of serverless
Python in the land of serverlessPython in the land of serverless
Python in the land of serverlessDavid Przybilla
 
Mining Social Web APIs with IPython Notebook (Strata 2013)
Mining Social Web APIs with IPython Notebook (Strata 2013)Mining Social Web APIs with IPython Notebook (Strata 2013)
Mining Social Web APIs with IPython Notebook (Strata 2013)Matthew Russell
 
Reark : a Reference Architecture for Android using RxJava
Reark : a Reference Architecture for Android using RxJavaReark : a Reference Architecture for Android using RxJava
Reark : a Reference Architecture for Android using RxJavaFuturice
 
How to get started with Site Reliability Engineering
How to get started with Site Reliability EngineeringHow to get started with Site Reliability Engineering
How to get started with Site Reliability EngineeringAndrew Kirkpatrick
 
2019 StartIT - Boosting your performance with Blackfire
2019 StartIT - Boosting your performance with Blackfire2019 StartIT - Boosting your performance with Blackfire
2019 StartIT - Boosting your performance with BlackfireMarko Mitranić
 
Don't break the door, the key is under the doormat
Don't break the door, the key is under the doormatDon't break the door, the key is under the doormat
Don't break the door, the key is under the doormatGerard Fuguet
 
Reproducible datascience [with Terraform]
Reproducible datascience [with Terraform]Reproducible datascience [with Terraform]
Reproducible datascience [with Terraform]David Przybilla
 
10 Ways To Improve Your Code( Neal Ford)
10 Ways To Improve Your Code( Neal Ford)10 Ways To Improve Your Code( Neal Ford)
10 Ways To Improve Your Code( Neal Ford)guestebde
 
Understanding Framework Architecture using Eclipse
Understanding Framework Architecture using EclipseUnderstanding Framework Architecture using Eclipse
Understanding Framework Architecture using Eclipseanshunjain
 
System design for Web Application
System design for Web ApplicationSystem design for Web Application
System design for Web ApplicationMichael Choi
 

Similar to A tale of two proxies (20)

Walter api
Walter apiWalter api
Walter api
 
Beyond the Basics, Debugging with Firebug and Web Inspector
Beyond the Basics, Debugging with Firebug and Web InspectorBeyond the Basics, Debugging with Firebug and Web Inspector
Beyond the Basics, Debugging with Firebug and Web Inspector
 
Spring Cloud Gateway - Nate Schutta
Spring Cloud Gateway - Nate SchuttaSpring Cloud Gateway - Nate Schutta
Spring Cloud Gateway - Nate Schutta
 
Using wikto
Using wiktoUsing wikto
Using wikto
 
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingPART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
 
No Hugging, No Learning
No Hugging, No LearningNo Hugging, No Learning
No Hugging, No Learning
 
Graphql
GraphqlGraphql
Graphql
 
Workshop - The Little Pattern That Could.pdf
Workshop - The Little Pattern That Could.pdfWorkshop - The Little Pattern That Could.pdf
Workshop - The Little Pattern That Could.pdf
 
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingJava Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
 
Python in the land of serverless
Python in the land of serverlessPython in the land of serverless
Python in the land of serverless
 
Mining Social Web APIs with IPython Notebook (Strata 2013)
Mining Social Web APIs with IPython Notebook (Strata 2013)Mining Social Web APIs with IPython Notebook (Strata 2013)
Mining Social Web APIs with IPython Notebook (Strata 2013)
 
Reark : a Reference Architecture for Android using RxJava
Reark : a Reference Architecture for Android using RxJavaReark : a Reference Architecture for Android using RxJava
Reark : a Reference Architecture for Android using RxJava
 
How to get started with Site Reliability Engineering
How to get started with Site Reliability EngineeringHow to get started with Site Reliability Engineering
How to get started with Site Reliability Engineering
 
Yahoo is open to developers
Yahoo is open to developersYahoo is open to developers
Yahoo is open to developers
 
2019 StartIT - Boosting your performance with Blackfire
2019 StartIT - Boosting your performance with Blackfire2019 StartIT - Boosting your performance with Blackfire
2019 StartIT - Boosting your performance with Blackfire
 
Don't break the door, the key is under the doormat
Don't break the door, the key is under the doormatDon't break the door, the key is under the doormat
Don't break the door, the key is under the doormat
 
Reproducible datascience [with Terraform]
Reproducible datascience [with Terraform]Reproducible datascience [with Terraform]
Reproducible datascience [with Terraform]
 
10 Ways To Improve Your Code( Neal Ford)
10 Ways To Improve Your Code( Neal Ford)10 Ways To Improve Your Code( Neal Ford)
10 Ways To Improve Your Code( Neal Ford)
 
Understanding Framework Architecture using Eclipse
Understanding Framework Architecture using EclipseUnderstanding Framework Architecture using Eclipse
Understanding Framework Architecture using Eclipse
 
System design for Web Application
System design for Web ApplicationSystem design for Web Application
System design for Web Application
 

More from SensePost

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile explorationSensePost
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationSensePost
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17SensePost
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitSensePost
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksSensePost
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed OverviewSensePost
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionSensePost
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tatSensePost
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsSensePost
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented DefenceSensePost
 
Threats to machine clouds
Threats to machine cloudsThreats to machine clouds
Threats to machine cloudsSensePost
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemSensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSensePost
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get HackedSensePost
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application HackingSensePost
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorismSensePost
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summarySensePost
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and DefencesSensePost
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2SensePost
 

More from SensePost (20)

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile exploration
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based Application
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana Attacks
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tat
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented Defence
 
Threats to machine clouds
Threats to machine cloudsThreats to machine clouds
Threats to machine clouds
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating System
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) Pwnage
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application Hacking
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorism
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summary
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and Defences
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2
 

Recently uploaded

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Recently uploaded (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

A tale of two proxies