
The Art of exploiting Injection flaws@ Black Hat Vegas 2013

<<

notsosecure

Newbie

Posts: 12

Joined: Thu Apr 21, 2011 5:13 pm

Post Tue Mar 05, 2013 8:23 am

The Art of exploiting Injection flaws@ Black Hat Vegas 2013

The popular course, The Art of Exploiting Injection Flaws, will return to Black Hat Las Vegas in July 2013. The OWASP Top 10 2013 RC has retained injection flaws as still the top threat to web applications. Learn advanced SQLI, as well as some new, neat and ridiculous hacks in LDAP, XPATH, XXE, HQLI, direct code (à la RoR flaw), etc.

More details here:

http://blackhat.com/us-13/training/the- ... flaws.html

Identify, extract, escalate, execute.. need we say more?
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Mar 05, 2013 9:37 am

Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013

It's a very good course, I recently some most of it, he knows his stuff (and beyond), no questions about that  ;D
I'm an InterN0T'er
<<

notsosecure

Newbie

Posts: 12

Joined: Thu Apr 21, 2011 5:13 pm

Post Wed Mar 06, 2013 8:36 am

Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013

Thanks Maxe,

Just for the benefit of anyone who is not familiar with the course content, these are the topics the course covers which might be of interest to them:

Oracle SQLI - how to execute code, how to do priv esc from web app, OOB extraction might be of interest to you. Examples of Burp Pro missing SQLI. Injection in order by/group by, 2nd order injection etc.
Stuff on XPATH is pretty awesome. I will show a new attack with which you can not just read any arbitrary XML file on system but any file with any extension.
LDAP - some really good examples of auth bypass and blind LDAP tool.
XXE - not too new stuff but good pointers on where to look for these.
Direct code injection - examples of recent Ruby on Rails and other framework issues such as expression query language injection etc.

Hope to meet some of the fellow ethicalhacker members at Black Hat!

Sid
<<

notsosecure

Newbie

Posts: 12

Joined: Thu Apr 21, 2011 5:13 pm

Post Mon Apr 29, 2013 3:22 am

Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013

Here is a small podcast featuring me on pauldotcom, which gives an insight into the course :)

http://www.ustream.tv/recorded/31958833
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue May 07, 2013 7:41 pm

Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013

Just listened to that on the way home today, interesting stuff.
Certs: GCWN
(@)Dewser
<<

notsosecure

Newbie

Posts: 12

Joined: Thu Apr 21, 2011 5:13 pm

Post Thu May 09, 2013 3:34 am

Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013

