
Mailing List Archive: Full Disclosure: Full-Disclosure

[TEHTRI-Security] 0days at HITB Amsterdam 2012

 

 



laurent.oudot-ml at tehtri-security

Feb 13, 2012, 2:59 AM


Dear contacts,

During the next "Hack In The Box" event in Amsterdam (22nd & 23rd May
2012), TEHTRI-Security will come again, and propose an updated training
called *Hunting Web Attackers* with offensive cyber weapons shared with
our students.

For example, during the final live hacking exercise, we will show how to
strike-back against a team of attackers, thanks to multiple kinds of
0days (hacking: web applications + client-side + network, etc).

Beyond our cyber-weapons against kits used by cyber-criminals (0days
against Zeus, Crimepack, etc), our students will also get more hacking
tricks that can make the difference during asymmetric cyber conflicts.

Examples? We will share 0days that can help with bypassing a firewall, in
order to pown a remote evil LAN used by cyber-criminals (live demo
shared with students in our lab: bypassing an updated Cisco product).

To get our hacking tricks, do not hesitate to register soon, while seats
are still available. 100% of seats were taken last time.

_HITB Training link_
http://conference.hitb.org/hitbsecconf2012ams/tech-training-1-hunting-web-attackers/

Moreover, if you're interested in *mobile hacking*, we wrote some
lines related to vulnerabilities in the Gmail App on iPhone/iPad. Feel
free to read our thoughts/findings on our blog:

_TEHTRIS Blog link_
http://blog.tehtri-security.com/2012/01/gmail-app-security-issues-on.html

We essentially saw that the famous GX cookie was written in clear-text
on an iOS device, while Apple suggests using Keychain capabilities to
store sensitive information (see Apple devel doc).

According to us, App vendors should do offensive pentests against mobile
applications. This year, we found plenty of vulnerabilities against iOS
apps or MDM infrastructure (hacking thousands of devices).
And we are not the only company feeling this big trouble in the Force,
for IT Security and Mobile stuff.

Best regards,

Laurent Estieux (CTO) & Laurent Oudot (CEO)
TEHTRI-Security - "This is not a Game"
http://www.tehtri-security.com/
@tehtris
