|
AppSec USA 2011 - Web Application Security Payloads with Andres Riancho, RAPID 7 |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
AppSec USA 2011 - Web Application Security Payloads with Andres Riancho, RAPID 7 Par SecurityTube.NetLe [2014-03-05] à 08:35:26
Présentation : Web Application Payloads are the evolution of old school system call payloads which are used in memory corruption exploits since the 70's. The basic problem solved by any payload is pretty simple I have access, what now . In memory corruption exploits it's pretty easy to perform any specific task because after successful exploitation the attacker is able to control the CPU memory and execute arbitrary system calls in order to create a new user or run an arbitrary command but in the Web Application field, the attacker is restricted to the system calls that the vulnerable Web Application exposes Local File Read - read OS Commanding - exec SQL Injection - read , write and possibly exec Web Application Payloads are small pieces of code that are run in the attackers box, and then translated by the Web application exploit to a combination of GET and POST requests to be sent to the remote web-server. This talk will introduce attendees to the subject and show a working implementation of Web Application Payloads that uses the system calls exposed by vulnerable Web Applications to collect information from, and gain access to the remote Web server. Our greatest achievement regarding web application payloads is the possibility of automatically downloading the remote application's source code, statically analyzing it to identify more vulnerabilities, and exploit those new vulnerabiliies to keep escalating privileges in the remote system. The Web application payloads implementation was developed as a part of the w3af framework, an open source Web application attack and audit framework developed by contributors around the world since 2007 and lead by Andrés Riancho the speaker since its conception. For More Information please visit - http 2011.appsecusa.org schedule.html slides_video
Les mots clés de la revue de presse pour cet article : security Les videos sur SecuObs pour les mots clés : security Les mots clés pour les articles publiés sur SecuObs : security Les éléments de la revue Twitter pour les mots clé : security
Les derniers articles du site "SecurityTube.Net" :
- TROOPERSCON - Crypto code the 9 circles of testing - TROOPERSCON - Towards a LangSec Aware SDLC - TROOPERSCON - Deep dive into SAP archive file formats - TROOPERSCON - Thanks SAP for the vulnerabilities. Exploiting the unexploitable - TROOPERSCON - An easy way into your multi-million dollar SAP systems An unknown default SAP account - TROOPERSCON - One Tool To Rule Them All - TROOPERSCON - Mind The Gap - Exploit Free Whitelisting Evasion Tactics - TROOPERSCON - The Chimaera Processor - TROOPERSCON - Lets Play Hide and Seek in the Cloud - TROOPERSCON - Planes, Trains and Automobiles The Internet of Deadly Things
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail
Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|