Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

    • #3205
      Don Donzal
      Keymaster

      This is the place to be following Part II of this webcast series that took place at 1:00 PM EST on Wednesday January 21, 2009:

      Pen Testing Perfect Storm Pt. II: Anatomy of a Client-Side Mutiny

      EH-Net members are invited to keep the conversation going with Kevin Johnson, Josh Wright and Ed Skoudis from InGuardians. These 3 security experts will be with us for about a week (depending on their time constraints) after each webcast to answer your questions. We will also post the links to webcasts as they become available.

      If you are not an EH-Net Member, please register now to post questions.

      Feel free to ask away…

      Many thanks to SANS and Core Security for making this possible,
      Don
      EH-Net
      Editor-in-Chief

    • #21361
      RoleReversal
      Participant

      Ed, Kevin & Josh,

      thanks for the talk, really enjoyed it.

      I’m looking forward to getting the archived talk and presentation slides as there was far too much information to take in in one go (that isn’t a criticism, please keep it up).

      Can’t wait for part 3

      RR

    • #21362
      vijay2
      Participant

      It was a great talk as usual, enjoyed and learned a lot.

      Thanks  Guys

      VJ

    • #21363
      edskoudis
      Participant

      VJ and RR,

      Thank you for your kind words.  Much appreciated.

      We had a wonderful time on the webcast yesterday.  Thanks to everyone who took time out of their schedule to join us.

      –Ed.

    • #21364
      KevinInGuardians
      Participant

      I would like to second Ed’s thanks for the kind words and I am looking forward to the conversations starting here.

      Kevin

    • #21365
      mtgarden
      Participant

      Where would I find an older/vulnerable version of Joomla to test with w3af?  Setting up a VMWare environment: Debian etch LAMP to host Joomla and a Samurai machine as a pentesting environment.

      Thanks.

    • #21366
      dynamik
      Participant
    • #21367
      mtgarden
      Participant

      Those are only patches to the current version.  I wanted an install of an old code base.

    • #21368
      vijay2
      Participant

      Ed / Don / Kevin

      It would be really helpful if one of you guys would post all the links (tools)  from the last slide on here.

      Thanks

    • #21369
      dynamik
      Participant

      Whoops, sorry. I thought those were included.

      Here’s version history for 1.5, but I’m not seeing something similar for 1.0: http://docs.joomla.org/Joomla_1.5_version_history

    • #21370
      mtgarden
      Participant

      Thanks.

    • #21371
      hendricm
      Participant

      Great presentation yesterday!  I had one question, has the program AirCSRF, “Air-Sea-Surf”, by Garland Glessner, been released yet? 

      Thanks!

      -Matt

    • #21372
      vijay2
      Participant

      Now that we have received the archived webcast here are the links to the tools and resources discussed in the webcast

      VistaRFMON and nm2lp – http://www.inguardians.com/tools

      Vista Wireless Power Tools Paper – http://www.inguardians.com/pubs/articles.html

      Nethelper – winunix.mkreddys.com

      W3af – w3af.sourceforge.net

      Samurai – samurai.inguardians.com

      Thanks

      VJ

    • #21373
      edskoudis
      Participant

      Thanks, VJ, for posting those links… much appreciated.

      We’ll get answers to your other questions up (regarding old Joomla versions and AirCSRF availability) soon.

      Thanks again to all–
      –Ed.

    • #21374
      KevinInGuardians
      Participant

      @mtgarden wrote:

      Where would I find an older/vulnerable version of Joomla to test with w3af?  Setting up a VMWare environment: Debian etch LAMP to host Joomla and a Samurai machine as a pentesting environment.

      Thanks.

      Joomla 1.0 is available here:
      http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=3365

      You can then update to whatever version using the patches.

      Kevin

    • #21375
      joswr1ght
      Participant

      @hendricm wrote:

      Great presentation yesterday!  I had one question, has the program AirCSRF, “Air-Sea-Surf”, by Garland Glessner, been released yet? 

      I sent Garland a note asking what is going on with the release; I’ll let you know shortly!

      Thanks for coming to the webcast. 🙂

      -Josh

    • #21376
      d3l0n
      Participant

      Hello,

      Although I registered for this webcast, I couldn’t make it on time. Is the archive available?

      Thx

    • #21377
      blackazarro
      Participant

      I also registered but couldn’t attend. Does anybody have info as to when they are going to release the archive?

    • #21378
      vijay2
      Participant

      Here are the links to the Archive

      Webcast Recordings


      • Part II (from yesterday): https://coresecurity.webex.com/coresecurity/lsr.php?AT=pb&SP=EC&rID=6730442&rKey=6A102E159B31CD77

      • Part I (recorded in Oct 08): http://w.on24.com/r.htm?e=121680&s=1&k=A0A9EE250B2691348F1218E5F1B16CEA&partnerref=core

      Slide Presentations


      You can view the slide presentations from both Parts I and II at the InGuardians website: http://inguardians.com/pubs/articles.html

      Thanks

    • #21379
      blackazarro
      Participant

      Thanks vijay2, much appreciated.

    • #21380
      izman70
      Participant

      Gents,
      I would like to get a copy of the presentation sent to me if at all possible. Unfortunately I was out of the office that day, and couldn’t get to a box to attend the presentation. Can you help a man out?!!!  ;D

      Thanks
      izman70

    • #21381
      izman70
      Participant

      Ummm…maybe I should have read the complete thread…I a posting of the link.
      thanks all
      and may the “Source” be with you!! Always!!!
      izman70

    • #21382
      KrisTeason
      Participant

      Hey vijay2, I also appreciate the link. I had signed up for it but couldn’t make it either, just got done watching Part 2 & I can’t wait for Part 3. Learning a lot of useful information in these webcasts.

    • #21383
      d3l0n
      Participant

      Thank you vijay2 for the links, much appreciate it.

    • #21384
      hendricm
      Participant

      Josh,

      Just curious if you had received a reply from Garland about AIRCSRF? 

      Thanks,

      Matt

      @joswr1ght wrote:

      @hendricm wrote:

      Great presentation yesterday!  I had one question, has the program AirCSRF, “Air-Sea-Surf”, by Garland Glessner, been released yet? 

      I sent Garland a note asking what is going on with the release; I’ll let you know shortly!

      Thanks for coming to the webcast. 🙂

      -Josh
