Dailydave mailing list archives
2 new videos!
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 20 Jun 2013 08:47:25 -0400
And neither one is about Edward Snowden!!! :>

http://infiltratecon.com/chriseagle.html <-- the end of this video is fixed. It's worth a watch if you weren't at INFILTRATE to see it live. Often the questions and responses to the questions are the best parts of any presentation.

http://infiltratecon.com/miguelturner.html <-- In this video Miguel talks about how he got working mass-Exfiltration from Blind SQLi. This is important because most of the surviving SQLi's are completely blind. And while you can quickly build an algorithm to detect them via timing-based attacks, you cannot really USE them for anything without the techniques shown here. However, with these techniques, you can efficiently download enough information from the remote database to analyze the web application structure, and then proceed from there in our ultimate goal: root on the box.

And my favorite thing about Miguel's talk is that all of it is run live during the presentation. Instead of a PPT or Prezi, he's running web pages which link to live WebSiege instances attacking a real app. All the graphs are generated DURING the presentation. This is code that works in the wild, on a large scale.

When you go to a technical presentation at INFILTRATE, I want you to come out slightly more scared than you went in. It's a simple metric. Miguel's talk fits that metric well.

-dave