Enviar búsqueda
Cargar
Team RISC nullcon 2012 Jailbreak presentation
•
0 recomendaciones
•
172 vistas
R
Raghu Nath
Seguir
Tecnología
Educación
Denunciar
Compartir
Denunciar
Compartir
1 de 29
Descargar ahora
Descargar para leer sin conexión
Recomendados
Team RISC nullcon 2012 Jailbreak presentation
Team RISC nullcon 2012 Jailbreak presentation
Raghu Nath
JavaCamp Paris 3
JavaCamp Paris 3
Eric Le Merdy
GlassFish can support multiple Ruby frameworks ... really ?
GlassFish can support multiple Ruby frameworks ... really ?
Arun Gupta
CISC & RISC Architecture
CISC & RISC Architecture
Suvendu Kumar Dash
Risc
Risc
Piyush Rochwani
RISC AND CISC PROCESSOR
RISC AND CISC PROCESSOR
Khurram Siddiqui
Reduced instruction set computers
Reduced instruction set computers
Sanjivani Sontakke
Risc and cisc eugene clewlow
Risc and cisc eugene clewlow
Manish Prajapati
Recomendados
Team RISC nullcon 2012 Jailbreak presentation
Team RISC nullcon 2012 Jailbreak presentation
Raghu Nath
JavaCamp Paris 3
JavaCamp Paris 3
Eric Le Merdy
GlassFish can support multiple Ruby frameworks ... really ?
GlassFish can support multiple Ruby frameworks ... really ?
Arun Gupta
CISC & RISC Architecture
CISC & RISC Architecture
Suvendu Kumar Dash
Risc
Risc
Piyush Rochwani
RISC AND CISC PROCESSOR
RISC AND CISC PROCESSOR
Khurram Siddiqui
Reduced instruction set computers
Reduced instruction set computers
Sanjivani Sontakke
Risc and cisc eugene clewlow
Risc and cisc eugene clewlow
Manish Prajapati
How to find Zero day vulnerabilities
How to find Zero day vulnerabilities
Mohammed A. Imran
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
egypt
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD
Daniel Garcia (a.k.a cr0hn)
Decompiling Android
Decompiling Android
Godfrey Nolan
Columbus WordCamp 2015
Columbus WordCamp 2015
Jason Packer
Tips for better CI on Android
Tips for better CI on Android
Tomoaki Imai
Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
Daniel Garcia (a.k.a cr0hn)
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
Hafez Kamal
DEF CON 27 - JESSE MICHAEL - get off the kernel if you can't drive
DEF CON 27 - JESSE MICHAEL - get off the kernel if you can't drive
Felipe Prado
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
GeekPwn Keen
Intrusion Techniques
Intrusion Techniques
Festival Software Livre
Sensible scaling
Sensible scaling
Rowan Merewood
Jvm tuning in a rush! - Lviv JUG
Jvm tuning in a rush! - Lviv JUG
Tomek Borek
Java Tools and Techniques for Solving Tricky Problem
Java Tools and Techniques for Solving Tricky Problem
Will Iverson
NYU Hacknight: iOS and OSX ABI
NYU Hacknight: iOS and OSX ABI
Mikhail Sosonkin
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stack
Ran Bar-Zik
Java tuning on GNU/Linux for busy dev
Java tuning on GNU/Linux for busy dev
Tomek Borek
Frontend automation and stability
Frontend automation and stability
Máté Nádasdi
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
Daniel Garcia (a.k.a cr0hn)
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
Más contenido relacionado
Similar a Team RISC nullcon 2012 Jailbreak presentation
How to find Zero day vulnerabilities
How to find Zero day vulnerabilities
Mohammed A. Imran
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
egypt
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD
Daniel Garcia (a.k.a cr0hn)
Decompiling Android
Decompiling Android
Godfrey Nolan
Columbus WordCamp 2015
Columbus WordCamp 2015
Jason Packer
Tips for better CI on Android
Tips for better CI on Android
Tomoaki Imai
Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
Daniel Garcia (a.k.a cr0hn)
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
Hafez Kamal
DEF CON 27 - JESSE MICHAEL - get off the kernel if you can't drive
DEF CON 27 - JESSE MICHAEL - get off the kernel if you can't drive
Felipe Prado
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
GeekPwn Keen
Intrusion Techniques
Intrusion Techniques
Festival Software Livre
Sensible scaling
Sensible scaling
Rowan Merewood
Jvm tuning in a rush! - Lviv JUG
Jvm tuning in a rush! - Lviv JUG
Tomek Borek
Java Tools and Techniques for Solving Tricky Problem
Java Tools and Techniques for Solving Tricky Problem
Will Iverson
NYU Hacknight: iOS and OSX ABI
NYU Hacknight: iOS and OSX ABI
Mikhail Sosonkin
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stack
Ran Bar-Zik
Java tuning on GNU/Linux for busy dev
Java tuning on GNU/Linux for busy dev
Tomek Borek
Frontend automation and stability
Frontend automation and stability
Máté Nádasdi
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
Daniel Garcia (a.k.a cr0hn)
Similar a Team RISC nullcon 2012 Jailbreak presentation
(20)
How to find Zero day vulnerabilities
How to find Zero day vulnerabilities
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD
Decompiling Android
Decompiling Android
Columbus WordCamp 2015
Columbus WordCamp 2015
Tips for better CI on Android
Tips for better CI on Android
Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
DEF CON 27 - JESSE MICHAEL - get off the kernel if you can't drive
DEF CON 27 - JESSE MICHAEL - get off the kernel if you can't drive
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
Intrusion Techniques
Intrusion Techniques
Sensible scaling
Sensible scaling
Jvm tuning in a rush! - Lviv JUG
Jvm tuning in a rush! - Lviv JUG
Java Tools and Techniques for Solving Tricky Problem
Java Tools and Techniques for Solving Tricky Problem
NYU Hacknight: iOS and OSX ABI
NYU Hacknight: iOS and OSX ABI
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stack
Java tuning on GNU/Linux for busy dev
Java tuning on GNU/Linux for busy dev
Frontend automation and stability
Frontend automation and stability
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
Último
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Pooja Nehwal
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
ThousandEyes
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Sinan KOZAK
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
gurkirankumar98700
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Scott Keck-Warren
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
Último
(20)
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
Team RISC nullcon 2012 Jailbreak presentation
1.
Team RISC
2.
Our story of
Jail break !
3.
Aim Find zero day
in Joomla ( I'm-possible in 36 Hrs ;) )
4.
Eating only this
...
5.
Why Joomla/Gymla ? ●
Challenge ! ● Learn exploitation in complex web applications ● IBM X-force paper on CMS security.
6.
Vulns in Drupal
7.
Vulns in Wordpress
8.
Vulns in Joomla
9.
How its generally
done ? 0 day vulnerability Source code Fuzzing Auditing
10.
What we did
?
11.
Methodology
12.
Know your enemy If
you know your enemies and know yourself, you will not be imperiled in a hundred battles -- Sun Tzu, the art of war
13.
Set up the
Attacking environment
14.
Study the Joomla
architecture
15.
Components, modules, plugins
16.
Source code
Auditing ● Identify vulnerable Functions ● Analyze the entry points ● Analyze Input Validations.
17.
The entry points
18.
More ...
19.
Few more ...
20.
Exec call
21.
RIPS output
22.
Fuzzing ● Find the
entry points ● SQL Injection ● XSS ● CSRF ● Command Injection ● Click Jacking with Drag and drop
23.
JBroFuzz
24.
Clickjacking
25.
Tools used for
Source code auditing ● The mighty grep ● RIPS ● RATS
26.
Tools used for
Fuzzing JBroFuzz Burp Suite WebScarab
27.
References ●
http://www.exploit-db.com/papers/15780/ ● Burp Suite ● http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321
28.
Thanks to ... Omair,
Amol Naik, Null team and especially our Jailer
29.
Questions ? हैकर हैक्या
? हैकर
Descargar ahora