Sergey Belov - NGinx Warhead

•Descargar como PPTX, PDF•

1 recomendación•2,114 vistas

The document profiles Sergey Belov and discusses his background as a pentester, writer, and bug bounty hunter. It then outlines potential ways Nginx could be used for MitM/phishing attacks, including setting up a reverse proxy to intercept and modify requests, and discusses challenges like requiring another domain or IP and instability. The document cautions that DNS rebinding could allow attacking internal resources but is very unstable. It concludes by thanking the reader and providing demo URLs.

Sergey Belov

•

Pentester in Digital Security / ERPScan;

•

Writer (habrahabr.ru, “Xakep”);

•

CTF Player;

•

Bug bounty member (Google, Yandex);

•

bugscollector.com creator.

•

Very easy

•

0$

•

Not mentioned in the wild

NGinx – reverse proxy

php-fpm
Client

Nginx
Apache

attacker.com

Client

php-fpm

Nginx
Apache
vuln.com

??? http server

$Step 1 location / { proxy_pass http://vuln.com; proxy_set_header X-Real-IP $remote_addr; } }$

Step 2





proxy_set_header Host “vuln.com";
sub_filter ‘vuln.com' ‘attacker.com';
sub_filter_once off;

Phishing

NGinx – tool for MitM/phishing?







+ Identical design
+ Fully functional working
+ Logging all data (POST/GET)
+ Add custom JS/HTML
- Another domain (DNS poising / router
hacking, malware, evil apn config e.t.c.)

Pentest
 Random exploit’s?
 Change response data (rights of social
networks apps)
 Change apps swf -> java (exploit)
 ???

DNS rebinding

• -Another domain
• - Very unstable
• + Can attack internal resources

Internal, not external!

C:UsersBeLove>ping www.ya.ru
Обмен пакетами с ya.ru [87.250.250.203] с 32 байтами данных

Remove it from:
• Pentester’s reports
• Most famous security scanners

Thanks!
demo:
http://zn.sergeybelove.ru
http://twitter.com/sergeybelove

Más contenido relacionado

La actualidad más candente

Fun with exploits old and new

Fun with exploits old and new

Fun with exploits old and new

Larry Cashdollar

Hacking Wordpress Plugins

Hacking Wordpress Plugins

Hacking Wordpress Plugins

Larry Cashdollar

Probably every Zabbix user has a story of a Zabbix agent suddenly failing to work. Computers and networks are complex and diverse, and so are the causes of these problems. This talk introduces a structured approach to debugging configuration problems, connectivity problems and problems in the execution of the agent. It will spotlight common problems, but also some rather obscure ones I met in the wild. Zabbix Conference 2015

Volker Fröhlich - How to Debug Common Agent Issues

Volker Fröhlich - How to Debug Common Agent Issues

Volker Fröhlich - How to Debug Common Agent Issues

Communicating with the Zabbix API can be quite cumbersome, especially if you don't have a background as a programmer. For a sysadmin, it would be very nice if one could just run some CLI commands to control Zabbix behavior. Wouldn't it be wonderful if you could fetch a list of active triggers and parse it with grep or sed to find the specific triggers you are looking for? Or perhaps you need a list of historic values that you can parse in a custom script? How about a cronjob that downloads and emails all the graphs in the system matching a certain regex? In this presentation Raymond Kuiper will talk about some of these possibilities and show you how he achieved these things in his Zabbix setup. Zabbix Conference 2015

Raymond Kuiper - Working the API like a Unix Pro

Raymond Kuiper - Working the API like a Unix Pro

Raymond Kuiper - Working the API like a Unix Pro

Windows privilege escalation by Dhruv Shah

Windows privilege escalation by Dhruv Shah

Windows privilege escalation by Dhruv Shah

Иван Новиков «Elastic search»

Иван Новиков «Elastic search»

Иван Новиков «Elastic search»

2020 ADDO Spring Break OWASP ZAP Automation

2020 ADDO Spring Break OWASP ZAP Automation

2020 ADDO Spring Break OWASP ZAP Automation

HTTP HOST header attacks

HTTP HOST header attacks

HTTP HOST header attacks

2017 DevSecCon ZAP Scripting Workshop

2017 DevSecCon ZAP Scripting Workshop

2017 DevSecCon ZAP Scripting Workshop

ColdFusion for Penetration Testers

ColdFusion for Penetration Testers

ColdFusion for Penetration Testers

Pwning with powershell

Pwning with powershell

Pwning with powershell

SANS DFIR Prague: PowerShell & WMI

SANS DFIR Prague: PowerShell & WMI

SANS DFIR Prague: PowerShell & WMI

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...

Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...

Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...

Mining Ruby Gem vulnerabilities for Fun and No Profit.

Mining Ruby Gem vulnerabilities for Fun and No Profit.

Mining Ruby Gem vulnerabilities for Fun and No Profit.

Larry Cashdollar

Obfuscating The Empire

Obfuscating The Empire

Obfuscating The Empire

Windows Privilege Escalation

Windows Privilege Escalation

Windows Privilege Escalation

ruxc0n 2012

Introducing PS>Attack: An offensive PowerShell toolkit

Introducing PS>Attack: An offensive PowerShell toolkit

Introducing PS>Attack: An offensive PowerShell toolkit

Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac

Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac

Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac

La actualidad más candente (20)

Fun with exploits old and new

Fun with exploits old and new

Fun with exploits old and new

Hacking Wordpress Plugins

Hacking Wordpress Plugins

Hacking Wordpress Plugins

Volker Fröhlich - How to Debug Common Agent Issues

Volker Fröhlich - How to Debug Common Agent Issues

Volker Fröhlich - How to Debug Common Agent Issues

Raymond Kuiper - Working the API like a Unix Pro

Raymond Kuiper - Working the API like a Unix Pro

Raymond Kuiper - Working the API like a Unix Pro

Windows privilege escalation by Dhruv Shah

Windows privilege escalation by Dhruv Shah

Windows privilege escalation by Dhruv Shah

Иван Новиков «Elastic search»

Иван Новиков «Elastic search»

Иван Новиков «Elastic search»

2020 ADDO Spring Break OWASP ZAP Automation

2020 ADDO Spring Break OWASP ZAP Automation

2020 ADDO Spring Break OWASP ZAP Automation

HTTP HOST header attacks

HTTP HOST header attacks

HTTP HOST header attacks

2017 DevSecCon ZAP Scripting Workshop

2017 DevSecCon ZAP Scripting Workshop

2017 DevSecCon ZAP Scripting Workshop

ColdFusion for Penetration Testers

ColdFusion for Penetration Testers

ColdFusion for Penetration Testers

Pwning with powershell

Pwning with powershell

Pwning with powershell

SANS DFIR Prague: PowerShell & WMI

SANS DFIR Prague: PowerShell & WMI

SANS DFIR Prague: PowerShell & WMI

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...

Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...

Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...

Mining Ruby Gem vulnerabilities for Fun and No Profit.

Mining Ruby Gem vulnerabilities for Fun and No Profit.

Mining Ruby Gem vulnerabilities for Fun and No Profit.

Obfuscating The Empire

Obfuscating The Empire

Obfuscating The Empire

Windows Privilege Escalation

Windows Privilege Escalation

Windows Privilege Escalation

ruxc0n 2012

Introducing PS>Attack: An offensive PowerShell toolkit

Introducing PS>Attack: An offensive PowerShell toolkit

Introducing PS>Attack: An offensive PowerShell toolkit

Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac

Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac

Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac

Similar a Sergey Belov - NGinx Warhead

Jednym z najistotniejszych czynników wspierających ochronę krytycznej infrastruktury sieciowej jest czas reakcji zespołu reagowania na incydenty bezpieczeństwa (Incident Response Team). Im szybciej, tym lepiej. Rozwiązania wspomagające wczesne wykrywanie ataków oparte o pasywną analizę zapytań DNS, zbiorów danych Netflow czy PCAP warto wesprzeć coraz częściej docenianą i wykorzystywaną produkcyjnie infrastrukturą typu honeynet. Rozsądne osadzenie sond honeypotowych w różnych segmentach sieci pozwoli na wykrycie ataku już w początkowych fazach rekonesansu i enumeracji. Dzięki honeypotom niejednokrotnie uzyskamy także szczegółowe informacje na temat nowej techniki ataku, próby wykorzystania błędu typu 0-day czy bardzo specyficznego użycia znanych od lat narzędzi. "Know your enemy" - to dewiza, którą powinniśmy się kierować w trosce o rozwój defensywnych umiejętności zespołów bezpieczeństwa i honeypotowa sieć zdecydowanie posiada tu dużą wartość. Podczas prelekcji postaram się przedstawić sposoby wykorzystania jak i możliwości oferowane przez open source'owe rozwiązania typu honeypot. Będziemy mówić o pojedynczych projektach imitujących rzeczywiste usługi (DNS, SMB, SSH, SCP/SFTP, FTP, telnet, HTTP, TFTP, MySQL/MSSQL, RDP i wiele innych), wstrzykiwaniu poprzez reverse proxy honeypotowych zawartości do aplikacji webowych, atakowaniu atakujących;) , kończąc na dedykowanych platformach z wbudowanych stackiem ELK.

[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy

[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy

[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy

Год в Github bugbounty, опыт участия

Год в Github bugbounty, опыт участия

Год в Github bugbounty, опыт участия

Nikto

Sorina Chirilă

Static Code Analysis PHP[tek] 2023

Static Code Analysis PHP[tek] 2023

Static Code Analysis PHP[tek] 2023

Scott Keck-Warren

Security in PHP - 那些在滲透測試的小技巧

Security in PHP - 那些在滲透測試的小技巧

Security in PHP - 那些在滲透測試的小技巧

Orange@php conf

Orange@php conf

Orange@php conf

Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

Legal and efficient web app testing without permission

Legal and efficient web app testing without permission

Legal and efficient web app testing without permission

Abraham Aranguren

How To Be A Hacker

How To Be A Hacker

How To Be A Hacker

Automating workflows has been a priority of many development teams in recent years. The more your team can automate their work and integrate the different tools they use, the more they can accomplish. In an effort to facilitate automation, Pantheon recently released Cloud Integration Tools, allowing developers to integrate their daily workflows with their favorite apps and services, both inbound and outbound, as well as unify login across services.

Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More

Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More

Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More

Taming botnets

Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis

Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis

Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis

Positive Hack Days

Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

Cracking Into Embedded Devices - HACK.LU 2K8

Cracking Into Embedded Devices - HACK.LU 2K8

Cracking Into Embedded Devices - HACK.LU 2K8

Debugging webOS applications

Debugging webOS applications

Debugging webOS applications

Abraham aranguren. legal and efficient web app testing without permission

Abraham aranguren. legal and efficient web app testing without permission

Abraham aranguren. legal and efficient web app testing without permission

Detecting headless browsers

Detecting headless browsers

Detecting headless browsers

Felipe Fidelix, Business Development Manager (UK) at Platform.sh spoke at eZ Conference 2017 on Debugging Effectively in the Cloud. Debugging PHP can be quite fun, if you just know how to do it. But what happens when you need to go beyond that? In his presentation, Felipe explains in depth how to debug PHP and related services using not-often-explored techniques like filesystem monitoring, mysql proxy interception, system call tracing, debugging remotely and a lot more.

Debugging Effectively in the Cloud - Felipe Fidelix - Presentation at eZ Con...

Debugging Effectively in the Cloud - Felipe Fidelix - Presentation at eZ Con...

Debugging Effectively in the Cloud - Felipe Fidelix - Presentation at eZ Con...

Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick

Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick

Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick

Unity Makes Strength

Unity Makes Strength

Unity Makes Strength

Similar a Sergey Belov - NGinx Warhead (20)

[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy

[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy

[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy

Год в Github bugbounty, опыт участия

Год в Github bugbounty, опыт участия

Год в Github bugbounty, опыт участия

Nikto

Static Code Analysis PHP[tek] 2023

Static Code Analysis PHP[tek] 2023

Static Code Analysis PHP[tek] 2023

Security in PHP - 那些在滲透測試的小技巧

Security in PHP - 那些在滲透測試的小技巧

Security in PHP - 那些在滲透測試的小技巧

Orange@php conf

Orange@php conf

Orange@php conf

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

Legal and efficient web app testing without permission

Legal and efficient web app testing without permission

Legal and efficient web app testing without permission

How To Be A Hacker

How To Be A Hacker

How To Be A Hacker

Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More

Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More

Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More

Taming botnets

Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis

Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis

Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

Cracking Into Embedded Devices - HACK.LU 2K8

Cracking Into Embedded Devices - HACK.LU 2K8

Cracking Into Embedded Devices - HACK.LU 2K8

Debugging webOS applications

Debugging webOS applications

Debugging webOS applications

Abraham aranguren. legal and efficient web app testing without permission

Abraham aranguren. legal and efficient web app testing without permission

Abraham aranguren. legal and efficient web app testing without permission

Detecting headless browsers

Detecting headless browsers

Detecting headless browsers

Debugging Effectively in the Cloud - Felipe Fidelix - Presentation at eZ Con...

Debugging Effectively in the Cloud - Felipe Fidelix - Presentation at eZ Con...

Debugging Effectively in the Cloud - Felipe Fidelix - Presentation at eZ Con...

Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick

Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick

Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick

Unity Makes Strength

Unity Makes Strength

Unity Makes Strength

Más de DefconRussia

[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...

[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...

[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...

Intel Boot Guard — аппаратно поддержанная технология верификации подлинности BIOS, которую вендор компьютерной системы может встроить на этапе производства. Докладчик представит результаты анализа технологии, расскажет об её эволюции. Слушатели узнают, как годами клонируемая ошибка на производстве нескольких вендоров позволяет потенциальному злоумышленнику воспользоваться этой технологией для создания в системе неудаляемого (даже программатором!) скрытого руткита. Github: https://github.com/flothrone/bootguard

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

В Spring MVC есть классная фича — autobinding. Но если пользоваться ей неправильно, могут появиться «незаметные» уязвимости, иногда с серьёзным импактом. Рассмотрим пару примеров, углубимся в тонкости появления autobinding-багов. Writeup [ENG]: http://agrrrdog.blogspot.ru/2017/03/autobinding-vulns-and-spring-mvc.html

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

Руткиты в мире основанных на ядре Linux операционных систем уже не являются редкостью. Рассказ будет о том, как попытки в современных реалиях определить то, скомпрометирована ли система, привели к неожиданному результату.

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

Георгий Зайцев - Reversing golang

Георгий Зайцев - Reversing golang

Георгий Зайцев - Reversing golang

Мы поговорим об общей проблеме валидации входных данных и качестве их обработки. Интерпретация входящих данных оказывает прямое влияние на решения, принимаемые в физической инфраструктуре: если какая-либо часть данных обрабатывается недостаточно аккуратно, это может повлиять на эффективность и безопасность процесса. В этой беседе мы обсудим атаки на процесс обработки данных и природу концепции «never trust your inputs» в контексте информационно-физических систем (в общем смысле, то есть любых подобных систем). Для иллюстрации проблемы мы используем уязвимости аналого-цифровых преобразователей (АЦП), которые можно заставить выдавать поддельный цифровой сигнал с помощью изменения частоты и фазы входящего аналогового сигнала: ошибка масштабирования такого сигнала может вызывать целочисленное переполнение и дает возможность эксплуатировать уязвимости в логике PLC/встроенного ПО. Также мы покажем реальные примеры использования подобных уязвимостей и последствия этих нападений.

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

Cisco network equipment has always been an attractive attack target due to its prevalence and the key role that it plays in network structure and security. This equipment is based on a wide variety of OS (firmware) architectures, types, and versions, so it is much harder to develop a universal shellcode. Publicly available Cisco IOS shellcodes are tailored to specific equipment, have narrow functionality, and are not exactly useful for penetration testing. This talk is the presentation of a research initiated by our research center to create a shellcode which is as easily portable between different IOS firmwares as possible and which provides a lot of pentesting features because it can dynamically change the shellcode destination at the stage of post-exploitation. We will also consider the possibility of creating a worm which could spread across the infrastructure, from firewall to router, from router to switch, etc.

Cisco IOS shellcode: All-in-one

Cisco IOS shellcode: All-in-one

Cisco IOS shellcode: All-in-one

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

Attacks on tacacs - Алексей Тюрин

Attacks on tacacs - Алексей Тюрин

Attacks on tacacs - Алексей Тюрин

Weakpass - defcon russia 23

Weakpass - defcon russia 23

Weakpass - defcon russia 23

nosymbols - defcon russia 20

nosymbols - defcon russia 20

nosymbols - defcon russia 20

static - defcon russia 20

static - defcon russia 20

static - defcon russia 20

Zn task - defcon russia 20

Zn task - defcon russia 20

Zn task - defcon russia 20

Vm ware fuzzing - defcon russia 20

Vm ware fuzzing - defcon russia 20

Vm ware fuzzing - defcon russia 20

Nedospasov defcon russia 23

Nedospasov defcon russia 23

Nedospasov defcon russia 23

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Miasm defcon russia 23

Miasm defcon russia 23

Miasm defcon russia 23

Расскажу где и как iCloud Keychain хранит пароли, и какие потенциальные риски это несёт. Apple утверждает, что пароли надежно защищены, и даже её сотрудники не могут получить к ним доступ. Чтобы это подтвердить или опровергнуть, необходимо разобраться с внутренним устройством iCloud Keychain, чем мы и займемся.

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Все шире и шире получают распространение bugbounty программы - программы вознаграждения за уязвимости различных вендоров. И порой при поиске уязвимостей находятся места, которые явно небезопасны (например - self XSS), но доказать от них угрозу сложно. Но чем крупнее (хотя, скорее адекватнее) вендор, тем они охотнее обсуждают и просят показать угрозу от сообщенной уязвимости, и при успехе – вознаграждают 8). Мой доклад – подборка таких сложных ситуаций и рассказ, как же можно доказать угрозу.

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

Мои последние исселодования показали, что у SharePoint есть определенное количество вэб сервисов, которые могут помочь аудитору собрать крайне полезную информацию с сайта (списки пользователей, групп, ролей и т д). Также данные сервисы, в комбинации с хранимыми XSS, могут быть использованы для вертикального повышения привилегий или предоставить информацию для компрометации доменных записей AD.

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

Más de DefconRussia (20)

[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...

[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...

[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

Георгий Зайцев - Reversing golang

Георгий Зайцев - Reversing golang

Георгий Зайцев - Reversing golang

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

Cisco IOS shellcode: All-in-one

Cisco IOS shellcode: All-in-one

Cisco IOS shellcode: All-in-one

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

Attacks on tacacs - Алексей Тюрин

Attacks on tacacs - Алексей Тюрин

Attacks on tacacs - Алексей Тюрин

Weakpass - defcon russia 23

Weakpass - defcon russia 23

Weakpass - defcon russia 23

nosymbols - defcon russia 20

nosymbols - defcon russia 20

nosymbols - defcon russia 20

static - defcon russia 20

static - defcon russia 20

static - defcon russia 20

Zn task - defcon russia 20

Zn task - defcon russia 20

Zn task - defcon russia 20

Vm ware fuzzing - defcon russia 20

Vm ware fuzzing - defcon russia 20

Vm ware fuzzing - defcon russia 20

Nedospasov defcon russia 23

Nedospasov defcon russia 23

Nedospasov defcon russia 23

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Miasm defcon russia 23

Miasm defcon russia 23

Miasm defcon russia 23

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

Último

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

"Impact of front-end architecture on development cost", Viktor Turskyi

"Impact of front-end architecture on development cost", Viktor Turskyi

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

JMeter webinar - integration with InfluxDB and Grafana

JMeter webinar - integration with InfluxDB and Grafana

JMeter webinar - integration with InfluxDB and Grafana

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

Powerful Start- the Key to Project Success, Barbara Laskowska

Powerful Start- the Key to Project Success, Barbara Laskowska

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

Demystifying gRPC in .Net by John Staveley

Demystifying gRPC in .Net by John Staveley

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

The presentation underscores the strategic advantage of treating design systems not just as technical assets but as vital business components that require thoughtful management, robust planning, and strategic alignment with organizational goals. Key Points Covered: - Understanding Design Systems as Business Entities: Conceptualizing design systems as internal business entities can streamline their integration and evolution within a company. - Adoption and Expansion: Elaborating on the importance of tactical adoption across organizational structures, enhancing product suites to cater to user needs and broadening scope to mobile and content authoring solutions. - Data-Driven Development: Utilizing data insights for component development ensures that resources are allocated to create valuable, widely used features. - Financial Modeling for Design Systems: Developing sustainable funding models is crucial for long-term support and success of design systems. - Promoting Internal Buy-In: Stressing on strategies for promoting design systems within the organization to increase engagement and investment from internal stakeholders.

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

Knowledge engineering: from people to machines and back

Knowledge engineering: from people to machines and back

Knowledge engineering: from people to machines and back

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Intelligent Gimbal FINAL PAPER Engineering.pdf

Intelligent Gimbal FINAL PAPER Engineering.pdf

Intelligent Gimbal FINAL PAPER Engineering.pdf

Anthony Lucente

IoT Analytics Company Presentation May 2024

IoT Analytics Company Presentation May 2024

IoT Analytics Company Presentation May 2024

In an era where artificial intelligence (AI) is becoming increasingly integrated into our daily lives, the need for empathetic technology is paramount. This talk explores the role of motion design in enhancing AI interfaces to foster empathy and improve user experiences. Key Topics Covered: 1. Introduction to Empathetic AI - The importance of creating empathy in AI interfaces - Personal journey from character animation to AI and robotics design 2. The Role of Motion in User Interaction - Historical context of motion in design, from early Disney animations to modern interfaces - The blinking cursor: An example of effective motion use since 1960 3. Designing for Empathy - How motion can enhance user satisfaction and trust in AI systems - Examples from human-robot interaction and AI interfaces 4. Creating Human-like Interactions - Using motion to provide transparency and context in AI interactions - The importance of natural conversation flows and the ability to interrupt AI responses 5. Avoiding the Uncanny Valley - Recognizing and mitigating the uncanny valley in AI-generated content - Examples of effective and ineffective uses of motion in AI 6. Systemizing Motion Design - Strategies for integrating motion into AI systems at scale - Salesforce’s approach to creating and scaling a motion system for AI

Motion for AI: Creating Empathy in Technology

Motion for AI: Creating Empathy in Technology

Motion for AI: Creating Empathy in Technology

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

Stephanie Beckett

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

In-Depth Performance Testing Guide for IT Professionals

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

ODC, Data Fabric and Architecture User Group

ODC, Data Fabric and Architecture User Group

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Último (20)

"Impact of front-end architecture on development cost", Viktor Turskyi

"Impact of front-end architecture on development cost", Viktor Turskyi

"Impact of front-end architecture on development cost", Viktor Turskyi

JMeter webinar - integration with InfluxDB and Grafana

JMeter webinar - integration with InfluxDB and Grafana

JMeter webinar - integration with InfluxDB and Grafana

Powerful Start- the Key to Project Success, Barbara Laskowska

Powerful Start- the Key to Project Success, Barbara Laskowska

Powerful Start- the Key to Project Success, Barbara Laskowska

Demystifying gRPC in .Net by John Staveley

Demystifying gRPC in .Net by John Staveley

Demystifying gRPC in .Net by John Staveley

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

A Business-Centric Approach to Design System Strategy

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

Intro in Product Management - Коротко про професію продакт менеджера

Knowledge engineering: from people to machines and back

Knowledge engineering: from people to machines and back

Knowledge engineering: from people to machines and back

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Intelligent Gimbal FINAL PAPER Engineering.pdf

Intelligent Gimbal FINAL PAPER Engineering.pdf

Intelligent Gimbal FINAL PAPER Engineering.pdf

IoT Analytics Company Presentation May 2024

IoT Analytics Company Presentation May 2024

IoT Analytics Company Presentation May 2024

Motion for AI: Creating Empathy in Technology

Motion for AI: Creating Empathy in Technology

Motion for AI: Creating Empathy in Technology

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

What's New in Teams Calling, Meetings and Devices April 2024

In-Depth Performance Testing Guide for IT Professionals

In-Depth Performance Testing Guide for IT Professionals

In-Depth Performance Testing Guide for IT Professionals

ODC, Data Fabric and Architecture User Group

ODC, Data Fabric and Architecture User Group

ODC, Data Fabric and Architecture User Group

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Sergey Belov - NGinx Warhead

1. Sergey Belov

2. • Pentester in Digital Security / ERPScan; • Writer (habrahabr.ru, “Xakep”); • CTF Player; • Bug bounty member (Google, Yandex); • bugscollector.com creator.

3. • Very easy • 0$ • Not mentioned in the wild

4. NGinx – reverse proxy

5. php-fpm Client Nginx Apache

6. attacker.com Client php-fpm Nginx Apache vuln.com ??? http server

7. Step 1 location / { proxy_pass http://vuln.com; proxy_set_header X-Real-IP $remote_addr; } }

8. Step 2    proxy_set_header Host “vuln.com"; sub_filter ‘vuln.com' ‘attacker.com'; sub_filter_once off;

9.

11. NGinx – tool for MitM/phishing?      + Identical design + Fully functional working + Logging all data (POST/GET) + Add custom JS/HTML - Another domain (DNS poising / router hacking, malware, evil apn config e.t.c.)

12. Pentest  Random exploit’s?  Change response data (rights of social networks apps)  Change apps swf -> java (exploit)  ???

13. DNS rebinding

14. • -Another domain • - Very unstable • + Can attack internal resources

15. Internal, not external!

16. C:UsersBeLove>ping www.ya.ru Обмен пакетами с ya.ru [87.250.250.203] с 32 байтами данных

17. Remove it from: • Pentester’s reports • Most famous security scanners

18. Thanks! demo: http://zn.sergeybelove.ru http://twitter.com/sergeybelove