Actually, the only prevention of BEeF attacks is to fix the XSS vulnerabilities within applications.

Sorry I got here late, I'm about to watch it but I need the real player, so I headed over to get it at www.real.com/ downloaded it, uploaded it to virus total and got:
http://www.virustotal.com/analisis/78991ac2576070f4b3181865d202aa05
False Result? What you guys think?

1/36, so its either a really good piece of malware or a false positive.  or maybe a real result considering the installer probably calls home or to the net to grab updates.

if you are really paranoid run in a VM with a sniffer and see what it does.

Could we also leverage karmasploit for this type of attack to push clientside exploits, own the admin laptop, and then dump the password hashes, crack them, then use them to access other machines or the protected wireless internal network?

If that is functionally equivalent, which one of these attacks is better for a pentest? which one would be faster?

and on a side note, when is Jay going to release the middler?

Thanks Inguardians crew!

Sorry to resurrect an old topic, but has anyone gotten the AirCSRF, “Air-Sea-Surf” tool that this webcast mentioned?   I had on my list to follow up and I still can't find it.  Any word on its release?