Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Search Results for: deepSEC

[DeepSec 2015] 50 Shades of WAF

50 Shades of WAF – Exemplified at Barracuda & Sucuri. Ashar Javed (Hyundai AutoEver Europe GmbH). This talk will present 50 (25*2) bypasses of Barracuda and Sucuri’s WAF default signatures that deal with Cross-Site Scripting (XSS). 150,000 organizations worldwide including Fortune 1000 companies are using Barracuda while around 10,000 web applications are behind Sucuri’s cloud-based […]

[DeepSec 2015] File Format Fuzzing in Android – Giving a Stagefright to the Android Installer

File Format Fuzzing in Android – Giving a Stagefright to the Android Installer. Alexandru Blanda (Intel Corporation). The presentation focuses on revealing a fuzzing approach that can be used to uncover different types of vulnerabilities inside multiple core system components of the Android OS. The session will be targeted on exposing the general idea behind this approach and […]

[DeepSec 2015] How to Break XML Encryption – Automatically

How to Break XML Encryption – Automatically. Juraj Somorovsky (Ruhr University Bochum). In recent years, XML Encryption became a target of several new attacks. These attacks belong to the family of adaptive chosen-ciphertext attacks, and allow an adversary to decrypt symmetric and asymmetric XML ciphertexts, without knowing the secret keys. In order to protect XML Encryption […]

[DeepSec 2015] Hacking Cookies in Modern Web Applications and Browsers

Hacking Cookies in Modern Web Applications and Browsers. Dawid Czagan (Silesia Security Lab). Since cookies store sensitive data (session ID, CSRF token, etc.) they are interesting from an attacker’s point of view. As it turns out, quite many web applications (including sensitive ones like bitcoin platforms) have cookie-related vulnerabilities that lead, for example, to […]