Enviar pesquisa
Carregar
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
•
1 gostou
•
875 visualizações
M
michelemanzotti
Seguir
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 41
Baixar agora
Baixar para ler offline
Recomendados
Big corporations and financial institutions need secure pull printing services which guarantee a proper encryption, data access control and accountability. This research aimed to perform a MITM attack on multifunction printers with embedded software from the most popular vendors. The results are staggering - similar vulnerabilities have been found in multiple solutions which are exposed to breaking the encryption, collecting any prints from the server and printing at others' expense.
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
Jakub Kałużny
XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple's components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere - Anti Viruses, Messengers, Privacy tools, Firewalls, and more. This presentation: 1.Explain how XPC/NSXPC work 2.Present you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t) 3.Abuse an interesting feature on Catalina allowing to inject an unsigned dylib 4.Show you how to fix that vulnz finally!
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
SecuRing
Protecting Java EE Web Apps with Secure HTTP Headers
Protecting Java EE Web Apps with Secure HTTP Headers
Frank Kim
分散型のスキャナーの構築は挑戦のし甲斐があり、実在のブラウザを使って作る場合はなおさらである。 今回紹介するスキャナーでは、ChromiumにJSのライブラリやそのバージョンを得るためのJavaScriptを注入することで、スキャンしたサイトのすべてのHTMLとJavaScript、独自アーキテクチャを必要とするセキュリティヘッダを保存できる。 このスキャナーでトップの100万サイトに対してスキャンを行い、現在のWeb上の状況を調べることが可能となるスケーラブルなシステムを設計する際に克服した課題についてカバーした。 本講演では、データ分析で得られた興味深い点にも触れるつもりである。 --- アイザック・ドーソンIsaac Dawson アイザック・ドーソンは、Veracode社の主要なセキュリティ研究者の一人で、彼の率いる同社の研究開発チームは、Veracode社の動的解析の提供に努めている。 Veracode社の前は@stake社とSymantec社でコンサルタントをしていた。 2004年にアプリケーションセキュリティのコンサルティングチーム発足させるため、日本へやってきた。 Veracode社での勤務が始まった後、彼の中で日本があまりにも快適であることがはっきりしたので、それ以降、滞在し続けることを決めたのだった。 Go言語の熱心なプログラマーであり、分散システムに関心があり、特にWebのスキャニングに強い関心をもっている。
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
CODE BLUE
Modern Web Application Defense with OWASP Tools
Modern Web Application Defense
Modern Web Application Defense
Frank Kim
Demonstration based session on HTTP headers relevant to security aspect of web applications. Target audience is web developers, and more attention is given to Java language.
HTTP Security Headers Every Java Developer Must Know
HTTP Security Headers Every Java Developer Must Know
Ayoma Wijethunga
Web app sec tricks
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
OWASP Russia
The Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile Platforms
kosborn
Recomendados
Big corporations and financial institutions need secure pull printing services which guarantee a proper encryption, data access control and accountability. This research aimed to perform a MITM attack on multifunction printers with embedded software from the most popular vendors. The results are staggering - similar vulnerabilities have been found in multiple solutions which are exposed to breaking the encryption, collecting any prints from the server and printing at others' expense.
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
Jakub Kałużny
XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple's components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere - Anti Viruses, Messengers, Privacy tools, Firewalls, and more. This presentation: 1.Explain how XPC/NSXPC work 2.Present you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t) 3.Abuse an interesting feature on Catalina allowing to inject an unsigned dylib 4.Show you how to fix that vulnz finally!
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
SecuRing
Protecting Java EE Web Apps with Secure HTTP Headers
Protecting Java EE Web Apps with Secure HTTP Headers
Frank Kim
分散型のスキャナーの構築は挑戦のし甲斐があり、実在のブラウザを使って作る場合はなおさらである。 今回紹介するスキャナーでは、ChromiumにJSのライブラリやそのバージョンを得るためのJavaScriptを注入することで、スキャンしたサイトのすべてのHTMLとJavaScript、独自アーキテクチャを必要とするセキュリティヘッダを保存できる。 このスキャナーでトップの100万サイトに対してスキャンを行い、現在のWeb上の状況を調べることが可能となるスケーラブルなシステムを設計する際に克服した課題についてカバーした。 本講演では、データ分析で得られた興味深い点にも触れるつもりである。 --- アイザック・ドーソンIsaac Dawson アイザック・ドーソンは、Veracode社の主要なセキュリティ研究者の一人で、彼の率いる同社の研究開発チームは、Veracode社の動的解析の提供に努めている。 Veracode社の前は@stake社とSymantec社でコンサルタントをしていた。 2004年にアプリケーションセキュリティのコンサルティングチーム発足させるため、日本へやってきた。 Veracode社での勤務が始まった後、彼の中で日本があまりにも快適であることがはっきりしたので、それ以降、滞在し続けることを決めたのだった。 Go言語の熱心なプログラマーであり、分散システムに関心があり、特にWebのスキャニングに強い関心をもっている。
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
CODE BLUE
Modern Web Application Defense with OWASP Tools
Modern Web Application Defense
Modern Web Application Defense
Frank Kim
Demonstration based session on HTTP headers relevant to security aspect of web applications. Target audience is web developers, and more attention is given to Java language.
HTTP Security Headers Every Java Developer Must Know
HTTP Security Headers Every Java Developer Must Know
Ayoma Wijethunga
Web app sec tricks
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
OWASP Russia
The Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile Platforms
kosborn
Electron is a framework to create the desktop application on Windows,OS X, Linux easily, and it has been used to develop the popular applications such as Atom Editor, Visual Studio Code, and Slack. Although Electron includes Chromium and node.js and allow the web application developers to be able to develop the desktop application with accustomed methods, it contains a lot of security problems such as it allows arbitrary code execution if even one DOM-based XSS exist in the application. In fact, a lot of vulnerabilities which is able to load arbitrary code in applications made with Electron have been detected and reported. In this talk, I focus on organize and understand the security problems which tend to occur on development using Electron. --- Yosuke Hasegawa Secure Sky Technology Inc, Technical Adviser. Known for finding numerous vulnerablities in Internet Explorer、Mozilla Firefox and other web applications.He has also presented at Black Hat Japan 2008, South Korea POC 2008, 2010 and others. OWASP Kansai Chapter Leader, OWASP Japan Board member.
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
CODE BLUE
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunatelly even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities. One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manual adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems. I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest (=attack) painful, or just rendered the scenarios irrelevant.
Applications secure by default
Applications secure by default
SecuRing
Matt Nelson, SpecterOps A persistent "enlightened" attacker will invest the required resources to bypass any and all security features that might stand between them and their objective, regardless if these features are guaranteed to be serviced as security boundaries or not. This includes researching and developing attacks against Windows security features that may impose a hurdle in their attack chain. This talk will outline recent research into features such as User Account Control (UAC), the Antimalware Scan Interface (AMSI) and Device Guard and how these bypasses are useful to attackers in an operational context. Some examples include: UAC: If an attacker compromises a user that is running as a split-token administrator, bypassing UAC is required in order to perform any administrative actions; such as dumping credentials from memory. AMSI: With in-memory attacks becoming more prevalent via scripting languages, AMSI is the next logical step to facilitate detection. An attacker will need to bypass AMSI in order to safely operate in memory when using PowerShell, VBScript, or JScript. Device Guard: As organizations begin to consider whitelisting solutions, an attacker is required to adapt and develop a bypass to these technologies. One such solution is Device Guard, which can be used to heavily restrict what is allowed to execute on the system. In order to accomplish their objective, an attacker would need to bypass User Mode Code Integrity (UMCI). Such research can find novel ways to execute code in ways that are not likely to be detected. I will also cover some of the fixes that have been implemented in newer versions of the Windows Operating System. Fixing these bypasses will not only make Windows safer, but it will begin to disrupt attackers by raising the cost associated with successfully executing an attack.
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat Security Conference
Phu appsec13
Phu appsec13
drewz lin
Common threats to web security with real world case studies of compromised sites, - A 'dissection' of a typical common exploit tool and how it operates, - Simple approaches to mitigating common threats/vulnerabilities, - Defence in depth – an overview of the various components of web security, - Drupal specific measures that standard penetration testing often does not account for. An overview of how to benefit from: - Security monitoring and log analysis - Intrusion Detection Systems & Firewalls - Security headers and Content Security Policies (CSP). see Drupal Camp London for full details: http://drupalcamp.london/session/web-site-insecurity-how-your-cms-site-will-get-hacked-and-how-prevent-it
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity
George Boobyer
Slides for "HTML5 Security Realities" talk at W3Conf: Practical Standards for Web Professionals 2013. Brad Hill - PayPal @hillbrad
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realities
Brad Hill
Saruhan Karademir, Microsoft David Weston, Microsoft Windows Defender Application Guard (WDAG) brings the next generation isolation into the browser space. It merges the best of Hyper-V virtualization and Microsoft Edge sandboxing technologies to bring hardware-enforced isolation of untrusted websites from the user’s data and operating system. In this talk, we will walk through the WDAG security promise and architecture. We will explain how it was built from the ground up with security as the number one priority showcasing the architectural decisions that added layers of defense. Finally, we explore how Microsoft’s internal security teams engaged from the very beginning of this feature’s development, helping shape WDAG’s design, finding and fixing critical vulnerabilities, and building additional defense-in-depth layers before the product reached a single customer.
BlueHat v17 || Securing Windows Defender Application Guard
BlueHat v17 || Securing Windows Defender Application Guard
BlueHat Security Conference
Csrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equal
drewz lin
I got 99 trends and a # is all of them or How we found over 100 200+ RCE vulnerabilities in Trend Micro software. Presentation released at Hack In The Box 2017 Amsterdam, by Roberto Suggi Liverani @malerisch and Steven Seeley @steventseeley. For more information, please visit: http://blog.malerisch.net or http://srcincite.io
I got 99 trends and a # is all of them
I got 99 trends and a # is all of them
Roberto Suggi Liverani
* Django is a Web Application Framework, written in Python * Allows rapid, secure and agile web development. * Write better web applications in less time & effort.
Django (Web Applications that are Secure by Default )