
Black Hat: 9 free security tools for defense & attacking

Tim Greene | July 29, 2016
Some of the researchers at Black Hat will show how they hack and release the tools they used to do it

Pwning Your Java Messaging with Deserialization Vulnerabilities

Matthias Kaiser, Head of Vulnerability Research, Code White

Messaging in Java environments relies on serialization, the conversion of objects into series of bytes. Deserialization is turning the series back into objects. There have been ongoing improvements in Java deserialization exploits that make it possible to attack the applications that use Java messaging. Kaiser will talk about implementations that are vulnerable and release the Java Messaging Exploitation Tool to help users identify and exploit these systems.

Access Keys Will Kill You Before You Kill the Password

Loic Simon, Principal Security Engineer, NCC Group

The speaker, Loic Simon, uses this example: Keys used to access the Amazon Web Services infrastructure are often stored unencrypted and spread around among developers, creating a security weakness. This could be addressed by use of multi-factor authentication, which some users may avoid because it is more cumbersome than they’d like. Simon will show how MFA can be employed regardless of what authentication method is used, and will release a tool “used to allow painless work when MFA-protected API access is enforced in an AWS account.” 

Viral Video - Exploiting SSRF in Video Converters

Maxim Andreev, Software Developer, Mail.ru Group, and Nikolay Ermishkin, Information Security Analyst, Mail.ru Group

The free FFmpeg libraries boast tools for converting multimedia formats, including conversions for playlists that feature links to other files. This talk will consider how to exploit server-side request forgery (SSRF) in the processing of these playlists. It shows how such SSRF against cloud-based servers can give full access to services such as Amazon Web Services, as well as attacks on Facebook, Telegram, Microsoft Azure, Flickr, Twitter services, Imgur and others. The speakers will release a tool to detect and exploit this vulnerability.
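For defenders, the playlist links described above can be screened before an upload reaches the converter. The following is an added example, not the speakers' tool or code from the article; it assumes the playlist is in HLS/M3U8 format, and the function names, sample playlist and allowlisted host are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URI_ATTR = re.compile(r'URI="([^"]*)"')  # URI attributes inside #EXT-X-... tags

# Constructed sample playlist, not taken from the talk or any real upload.
SAMPLE = """#EXTM3U
#EXT-X-KEY:METHOD=AES-128,URI="http://10.0.0.5/internal"
#EXTINF:10.0,
https://media.example.com/seg0.ts
#EXTINF:10.0,
file:///etc/hostname
#EXTINF:10.0,
seg2.ts
#EXT-X-ENDLIST
"""

def playlist_references(text):
    """Return every URI the playlist would make a converter fetch."""
    refs = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            refs.extend(URI_ATTR.findall(line))  # key, map, media tags
        elif line:
            refs.append(line)  # media segment or nested playlist
    return refs

def is_internal(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name: judged by the allowlist instead
    return ip.is_private or ip.is_loopback or ip.is_link_local

def rejected_references(text, allowed_hosts):
    """Return (uri, reason) for each reference the policy refuses."""
    rejected = []
    for uri in playlist_references(text):
        # urlsplit raises ValueError on malformed input; treat that as a rejection.
        parts = urlsplit(uri)
        if parts.scheme not in ("http", "https"):
            # Covers file: and other schemes, and relative paths.
            rejected.append((uri, "not an absolute http(s) URL"))
        elif parts.hostname and is_internal(parts.hostname):
            rejected.append((uri, "internal address"))
        elif parts.hostname not in allowed_hosts:
            rejected.append((uri, "host not allowlisted"))
    return rejected
```

A hostname allowlist does not control what an allowlisted name resolves to, so the converter should also run with restricted network egress.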

 
