SlideShare ist ein Scribd-Unternehmen logo

RIT 2009 Intellectual Pwnership

Als PPT, PDF herunterladen
Rob Fuller
Rob Fuller
TechnologieBildung
1 von 12
By Rob Fuller
http://www.metasploit.com/
Failing is learning. Pen-Testers prove fail.
HOCUS POCUS  MS08_067_NETAPI – AKA OL' FAITHFUL  BUILDING A BINARY (IEXPRESS FTW)  PASS THE HASH / TOKEN STEALING
 The Framework can be used to:   Testing & Fuzzing during Exploit Development Make tool development FAST! and EASY!      (shoosh you college people!) Scripting Tasks (Resource Files / Meterperter Scripts) Not just sofware! (Wireless, Web, VOIP, etc) REX! AND MUCH MORE!  196 AUXILIARY MODULES!
      MS 08_067 - http://bit.ly/1o4Ul3 PASS THE HASH - http://bit.ly/3fMlM5 TOKEN STEALING - http://bit.ly/LROoe USE THE SVN!! - http://bit.ly/4iXe0e GET INVOLVED! Mailing List, IRC etc: LEARN MORE  Metasploit Unleashed: http://bit.ly/1VlKLm
    Rob Fuller – mubix [at] hak5 [dot] org http://www.room362.com/ http://twitter.com/mubix .. anything /mubix

Empfohlen

Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at youRob Fuller
 
A @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSA @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSRob Fuller
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
NotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for PentestersNotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for PentestersRob Fuller
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Rob Fuller
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassThe Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassRob Fuller
 

Empfohlen

Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at youRob Fuller
 
A @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSA @textfiles approach to gathering the world's DNS
A @textfiles approach to gathering the world's DNSRob Fuller
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
NotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for PentestersNotaCon 2011 - Networking for Pentesters
NotaCon 2011 - Networking for PentestersRob Fuller
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Rob Fuller
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassThe Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassRob Fuller
 
Introducing PS>Attack: An offensive PowerShell toolkit
Introducing PS>Attack: An offensive PowerShell toolkitIntroducing PS>Attack: An offensive PowerShell toolkit
Introducing PS>Attack: An offensive PowerShell toolkitjaredhaight
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid usCsaba Fitzl
 
Pwning with powershell
Pwning with powershellPwning with powershell
Pwning with powershelljaredhaight
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkRob Fuller
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesMichele Orru
 
Get-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for EvilGet-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for Eviljaredhaight
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestCsaba Fitzl
 
.Net debugging 2017
.Net debugging 2017.Net debugging 2017
.Net debugging 2017Tess Ferrandez
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
Defending Against Application DoS attacks
Defending Against Application DoS attacksDefending Against Application DoS attacks
Defending Against Application DoS attacksRoberto Suggi Liverani
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanismsCsaba Fitzl
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - Zoltan Balazs
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
I'm the butcher would you like some BeEF
I'm the butcher would you like some BeEFI'm the butcher would you like some BeEF
I'm the butcher would you like some BeEFMichele Orru
 
Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkChris Gates
 
PowerShell crashcourse for sharepoint
PowerShell crashcourse for sharepointPowerShell crashcourse for sharepoint
PowerShell crashcourse for sharepointConcentrated Technology
 
ColdFusion for Penetration Testers
ColdFusion for Penetration TestersColdFusion for Penetration Testers
ColdFusion for Penetration TestersChris Gates
 
Exploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOSExploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOSCsaba Fitzl
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
 
Rock-solid Magento Deployments (and Development)
Rock-solid Magento Deployments (and Development)Rock-solid Magento Deployments (and Development)
Rock-solid Magento Deployments (and Development)AOE
 
X La Mia Gemellina Ti Amooo
X La Mia Gemellina Ti AmoooX La Mia Gemellina Ti Amooo
X La Mia Gemellina Ti Amoooguest43ff38
 
Memory Forensics for Pentesters: Firefox
Memory Forensics for Pentesters: FirefoxMemory Forensics for Pentesters: Firefox
Memory Forensics for Pentesters: FirefoxRob Fuller
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introducing PS>Attack: An offensive PowerShell toolkit
Introducing PS>Attack: An offensive PowerShell toolkitIntroducing PS>Attack: An offensive PowerShell toolkit
Introducing PS>Attack: An offensive PowerShell toolkitjaredhaight
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid usCsaba Fitzl
 
Pwning with powershell
Pwning with powershellPwning with powershell
Pwning with powershelljaredhaight
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkRob Fuller
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesMichele Orru
 
Get-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for EvilGet-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for Eviljaredhaight
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestCsaba Fitzl
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
Defending Against Application DoS attacks
Defending Against Application DoS attacksDefending Against Application DoS attacks
Defending Against Application DoS attacksRoberto Suggi Liverani
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanismsCsaba Fitzl
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - Zoltan Balazs
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
I'm the butcher would you like some BeEF
I'm the butcher would you like some BeEFI'm the butcher would you like some BeEF
I'm the butcher would you like some BeEFMichele Orru
 
Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkChris Gates
 
ColdFusion for Penetration Testers
ColdFusion for Penetration TestersColdFusion for Penetration Testers
ColdFusion for Penetration TestersChris Gates
 
Exploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOSExploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOSCsaba Fitzl
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
 
Rock-solid Magento Deployments (and Development)
Rock-solid Magento Deployments (and Development)Rock-solid Magento Deployments (and Development)
Rock-solid Magento Deployments (and Development)AOE
 

Was ist angesagt? (20)

Introducing PS>Attack: An offensive PowerShell toolkit
Introducing PS>Attack: An offensive PowerShell toolkitIntroducing PS>Attack: An offensive PowerShell toolkit
Introducing PS>Attack: An offensive PowerShell toolkit
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid us
 
Pwning with powershell
Pwning with powershellPwning with powershell
Pwning with powershell
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the framework
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the masses
 
Get-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for EvilGet-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for Evil
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfest
 
.Net debugging 2017
.Net debugging 2017.Net debugging 2017
.Net debugging 2017
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0
 
Defending Against Application DoS attacks
Defending Against Application DoS attacksDefending Against Application DoS attacks
Defending Against Application DoS attacks
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
I'm the butcher would you like some BeEF
I'm the butcher would you like some BeEFI'm the butcher would you like some BeEF
I'm the butcher would you like some BeEF
 
Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit Framework
 
PowerShell crashcourse for sharepoint
PowerShell crashcourse for sharepointPowerShell crashcourse for sharepoint
PowerShell crashcourse for sharepoint
 
ColdFusion for Penetration Testers
ColdFusion for Penetration TestersColdFusion for Penetration Testers
ColdFusion for Penetration Testers
 
Exploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOSExploiting Directory Permissions on macOS
Exploiting Directory Permissions on macOS
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
 
Rock-solid Magento Deployments (and Development)
Rock-solid Magento Deployments (and Development)Rock-solid Magento Deployments (and Development)
Rock-solid Magento Deployments (and Development)
 

Andere mochten auch

X La Mia Gemellina Ti Amooo
X La Mia Gemellina Ti AmoooX La Mia Gemellina Ti Amooo
X La Mia Gemellina Ti Amoooguest43ff38
 
Memory Forensics for Pentesters: Firefox
Memory Forensics for Pentesters: FirefoxMemory Forensics for Pentesters: Firefox
Memory Forensics for Pentesters: FirefoxRob Fuller
 
Introduction to Twitter (w/ Allen Klosowski)
Introduction to Twitter (w/ Allen Klosowski)Introduction to Twitter (w/ Allen Klosowski)
Introduction to Twitter (w/ Allen Klosowski)TeachStreet
 
Evaluating Educational Program
Evaluating Educational ProgramEvaluating Educational Program
Evaluating Educational Programu068717
 
Final Gran Fury
Final Gran FuryFinal Gran Fury
Final Gran Furypmbaird
 
Missionaries at Sea
Missionaries at SeaMissionaries at Sea
Missionaries at Seasoma.sdsu
 
indonesian-photos-03
indonesian-photos-03indonesian-photos-03
indonesian-photos-03sutrisno2629
 
Create A Stellar Listing
Create A Stellar ListingCreate A Stellar Listing
Create A Stellar ListingTeachStreet
 
Cascao Greece Ambiguity Law Nile Basin Agreement
Cascao Greece Ambiguity Law Nile Basin AgreementCascao Greece Ambiguity Law Nile Basin Agreement
Cascao Greece Ambiguity Law Nile Basin AgreementAna Cascao
 
The Changing Landscape of Public Relations
The Changing Landscape of Public RelationsThe Changing Landscape of Public Relations
The Changing Landscape of Public RelationsGlen Turpin
 
Improving the correlation hunting in a large quantity of SOM component planes
Improving the correlation hunting in a large quantity of SOM component planesImproving the correlation hunting in a large quantity of SOM component planes
Improving the correlation hunting in a large quantity of SOM component planesaskroll
 
Conversations with the Pre-Customer
Conversations with the Pre-CustomerConversations with the Pre-Customer
Conversations with the Pre-CustomerPete Jakob
 
Cascao_TWM_Workshop_Nile_Land
Cascao_TWM_Workshop_Nile_LandCascao_TWM_Workshop_Nile_Land
Cascao_TWM_Workshop_Nile_LandAna Cascao
 

Andere mochten auch (20)

X La Mia Gemellina Ti Amooo
X La Mia Gemellina Ti AmoooX La Mia Gemellina Ti Amooo
X La Mia Gemellina Ti Amooo
 
Memory Forensics for Pentesters: Firefox
Memory Forensics for Pentesters: FirefoxMemory Forensics for Pentesters: Firefox
Memory Forensics for Pentesters: Firefox
 
Introduction to Twitter (w/ Allen Klosowski)
Introduction to Twitter (w/ Allen Klosowski)Introduction to Twitter (w/ Allen Klosowski)
Introduction to Twitter (w/ Allen Klosowski)
 
Evaluating Educational Program
Evaluating Educational ProgramEvaluating Educational Program
Evaluating Educational Program
 
Money
MoneyMoney
Money
 
Vladi funtzioak
Vladi funtzioakVladi funtzioak
Vladi funtzioak
 
Final Gran Fury
Final Gran FuryFinal Gran Fury
Final Gran Fury
 
Missionaries at Sea
Missionaries at SeaMissionaries at Sea
Missionaries at Sea
 
indonesian-photos-03
indonesian-photos-03indonesian-photos-03
indonesian-photos-03
 
Create A Stellar Listing
Create A Stellar ListingCreate A Stellar Listing
Create A Stellar Listing
 
Cascao Greece Ambiguity Law Nile Basin Agreement
Cascao Greece Ambiguity Law Nile Basin AgreementCascao Greece Ambiguity Law Nile Basin Agreement
Cascao Greece Ambiguity Law Nile Basin Agreement
 
Usns Mercy
Usns MercyUsns Mercy
Usns Mercy
 
Erik Scarcia
Erik Scarcia Erik Scarcia
Erik Scarcia
 
Water
WaterWater
Water
 
The Changing Landscape of Public Relations
The Changing Landscape of Public RelationsThe Changing Landscape of Public Relations
The Changing Landscape of Public Relations
 
Improving the correlation hunting in a large quantity of SOM component planes
Improving the correlation hunting in a large quantity of SOM component planesImproving the correlation hunting in a large quantity of SOM component planes
Improving the correlation hunting in a large quantity of SOM component planes
 
5. Simpsons En South Park
5. Simpsons En South Park5. Simpsons En South Park
5. Simpsons En South Park
 
Conversations with the Pre-Customer
Conversations with the Pre-CustomerConversations with the Pre-Customer
Conversations with the Pre-Customer
 
Get Rid Of Stress
Get Rid Of StressGet Rid Of Stress
Get Rid Of Stress
 
Cascao_TWM_Workshop_Nile_Land
Cascao_TWM_Workshop_Nile_LandCascao_TWM_Workshop_Nile_Land
Cascao_TWM_Workshop_Nile_Land
 

Ähnlich wie RIT 2009 Intellectual Pwnership

W.E.B. 2010 - Web, Exploits, Browsers
W.E.B. 2010 - Web, Exploits, BrowsersW.E.B. 2010 - Web, Exploits, Browsers
W.E.B. 2010 - Web, Exploits, BrowsersSaumil Shah
 
"Ask Me Anything" About Automating Workflows
"Ask Me Anything" About Automating Workflows"Ask Me Anything" About Automating Workflows
"Ask Me Anything" About Automating WorkflowsSafe Software
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsPawel Rzepa
 
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...Mauro Risonho de Paula Assumpcao
 
Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Abraham Aranguren
 
FAKE (F# Make) & Automation
FAKE (F# Make) & AutomationFAKE (F# Make) & Automation
FAKE (F# Make) & AutomationSergey Tihon
 
Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Christian Frichot
 
Parsing binaries and protocols with erlang
Parsing binaries and protocols with erlangParsing binaries and protocols with erlang
Parsing binaries and protocols with erlangBhasker Kode
 
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not knowOWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not knowOWASP
 
Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9sumsid1234
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Web Fonts in Email: How? What? Where?
Web Fonts in Email: How? What? Where?Web Fonts in Email: How? What? Where?
Web Fonts in Email: How? What? Where?Paul Airy
 
Jose de Castros's Presentation at Emerging Communication Conference & Awards ...
Jose de Castros's Presentation at Emerging Communication Conference & Awards ...Jose de Castros's Presentation at Emerging Communication Conference & Awards ...
Jose de Castros's Presentation at Emerging Communication Conference & Awards ...eCommConf
 
Moho - Real-Time Communications Framework
Moho - Real-Time Communications FrameworkMoho - Real-Time Communications Framework
Moho - Real-Time Communications FrameworkJose de Castro
 
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...PaloAltoNetworks
 
International Web Application Development
International Web Application DevelopmentInternational Web Application Development
International Web Application DevelopmentSarah Allen
 
Bruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentationBruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentationbrucelawson
 

Ähnlich wie RIT 2009 Intellectual Pwnership (20)

W.E.B. 2010 - Web, Exploits, Browsers
W.E.B. 2010 - Web, Exploits, BrowsersW.E.B. 2010 - Web, Exploits, Browsers
W.E.B. 2010 - Web, Exploits, Browsers
 
"Ask Me Anything" About Automating Workflows
"Ask Me Anything" About Automating Workflows"Ask Me Anything" About Automating Workflows
"Ask Me Anything" About Automating Workflows
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugs
 
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
 
Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012
 
Flask
FlaskFlask
Flask
 
FAKE (F# Make) & Automation
FAKE (F# Make) & AutomationFAKE (F# Make) & Automation
FAKE (F# Make) & Automation
 
Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012
 
Parsing binaries and protocols with erlang
Parsing binaries and protocols with erlangParsing binaries and protocols with erlang
Parsing binaries and protocols with erlang
 
Stealth post-exploitation with phpsploit
Stealth post-exploitation with phpsploitStealth post-exploitation with phpsploit
Stealth post-exploitation with phpsploit
 
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not knowOWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
OWASP Poland Day 2018 - Jakub Botwicz - AFL that you do not know
 
OTG-Recon
OTG-ReconOTG-Recon
OTG-Recon
 
Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
Web Fonts in Email: How? What? Where?
Web Fonts in Email: How? What? Where?Web Fonts in Email: How? What? Where?
Web Fonts in Email: How? What? Where?
 
Jose de Castros's Presentation at Emerging Communication Conference & Awards ...
Jose de Castros's Presentation at Emerging Communication Conference & Awards ...Jose de Castros's Presentation at Emerging Communication Conference & Awards ...
Jose de Castros's Presentation at Emerging Communication Conference & Awards ...
 
Moho - Real-Time Communications Framework
Moho - Real-Time Communications FrameworkMoho - Real-Time Communications Framework
Moho - Real-Time Communications Framework
 
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
 
International Web Application Development
International Web Application DevelopmentInternational Web Application Development
International Web Application Development
 
Bruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentationBruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentation
 

Mehr von Rob Fuller

Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
KiwiCon 2016 - Kicking Orion's Assets
KiwiCon 2016 - Kicking Orion's AssetsKiwiCon 2016 - Kicking Orion's Assets
KiwiCon 2016 - Kicking Orion's AssetsRob Fuller
 
As The Phish Turns
As The Phish TurnsAs The Phish Turns
As The Phish TurnsRob Fuller
 
Intro to White Chapel
Intro to White ChapelIntro to White Chapel
Intro to White ChapelRob Fuller
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
From Couch To Career In 80 Hours
From Couch To Career In 80 HoursFrom Couch To Career In 80 Hours
From Couch To Career In 80 HoursRob Fuller
 

Mehr von Rob Fuller (7)

Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
KiwiCon 2016 - Kicking Orion's Assets
KiwiCon 2016 - Kicking Orion's AssetsKiwiCon 2016 - Kicking Orion's Assets
KiwiCon 2016 - Kicking Orion's Assets
 
GiTFO
GiTFOGiTFO
GiTFO
 
As The Phish Turns
As The Phish TurnsAs The Phish Turns
As The Phish Turns
 
Intro to White Chapel
Intro to White ChapelIntro to White Chapel
Intro to White Chapel
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
From Couch To Career In 80 Hours
From Couch To Career In 80 HoursFrom Couch To Career In 80 Hours
From Couch To Career In 80 Hours
 

Kürzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

RIT 2009 Intellectual Pwnership

  • 2.
  • 3.
  • 4.
  • 6. Failing is learning. Pen-Testers prove fail.
  • 7.
  • 8.
  • 9. HOCUS POCUS  MS08_067_NETAPI – AKA OL' FAITHFUL  BUILDING A BINARY (IEXPRESS FTW)  PASS THE HASH / TOKEN STEALING
  • 10.  The Framework can be used to:   Testing & Fuzzing during Exploit Development Make tool development FAST! and EASY!      (shoosh you college people!) Scripting Tasks (Resource Files / Meterperter Scripts) Not just sofware! (Wireless, Web, VOIP, etc) REX! AND MUCH MORE!  196 AUXILIARY MODULES!
  • 11.       MS 08_067 - http://bit.ly/1o4Ul3 PASS THE HASH - http://bit.ly/3fMlM5 TOKEN STEALING - http://bit.ly/LROoe USE THE SVN!! - http://bit.ly/4iXe0e GET INVOLVED! Mailing List, IRC etc: LEARN MORE  Metasploit Unleashed: http://bit.ly/1VlKLm
  • 12.     Rob Fuller – mubix [at] hak5 [dot] org http://www.room362.com/ http://twitter.com/mubix .. anything /mubix