[DeepSec 2015] 50 Shades of WAF

conference, deepsec, security
50 Shades of WAF – Exemplified at Barracuda & Sucuri, by Ashar Javed (Hyundai AutoEver Europe GmbH). This talk will present 50 (25*2) bypasses of Barracuda and Sucuri’s WAF default signatures that deal with Cross-Site Scripting (XSS). 150,000 organizations worldwide including Fortune 1000 companies are using Barracuda while around 10,000 ...

[DeepSec 2015] File Format Fuzzing in Android – Giving a Stagefright to the Android Installer

conference, deepsec, security
File Format Fuzzing in Android – Giving a Stagefright to the Android Installer, by Alexandru Blanda (Intel Corporation). The presentation focuses on revealing a fuzzing approach that can be used to uncover different types of vulnerabilities inside multiple core system components of the Android OS. The session will be targeted on exposing the general ...

[DeepSec 2015] How to Break XML Encryption – Automatically

conference, deepsec, security
How to Break XML Encryption – Automatically, by Juraj Somorovsky (Ruhr University Bochum). In recent years, XML Encryption became a target of several new attacks. These attacks belong to the family of adaptive chosen-ciphertext attacks, and allow an adversary to decrypt symmetric and asymmetric XML ciphertexts, without knowing the secret keys ...

[DeepSec 2015] Hacking Cookies in Modern Web Applications and Browsers

conference, deepsec, security
Hacking Cookies in Modern Web Applications and Browsers, by Dawid Czagan (Silesia Security Lab). Since cookies store sensitive data (session ID, CSRF token, etc.) they are interesting from an attacker’s point of view. As it turns out, quite many web applications (including sensitive ones like bitcoin platforms) have cookie related vulnerabilities, ...

[DeepSec 2015] Can societies manage the SIGINT monster?

conference, deepsec, security
Can societies manage the SIGINT monster? By Duncan Campbell (IPTV Ltd). Behind closed doors, ubiquitous surveillance systems have evolved in parallel to and hidden within the global communications infrastructure. Developments in signals intelligence (Sigint) technology and tradecraft have shadowed all new telecommunications developments. Sigint agencies have covertly sought to lead, change, ...

Taking out the Eurotrash

eurotrash, Podcast, security, Strange
Regular listeners are probably already aware by now, that the Eurotrash is no more! As with all good things, there had to be an end, and with the last Christmas episode, we got the old crew back together for one last go around! We’d like to say that we’re throwing in the ...

All good things must come to an end

By the time you read this, I will be gone… no, not like that! Let me start at the beginning. Back in 2008 (when I was still young and almost had hair) I joined a small team (actually it was just 1 person if I remember rightly) at an Austrian ...

[DeepSec 2014] Advanced Powershell Threat: Lethal Client Side Attacks using Powershell

conference, deepsec, security
Advanced Powershell Threat: Lethal Client Side Attacks using Powershell – Nikhil Mittal. APT – A buzzword which refuses to die. Let's have some fun with it, let's move it to powershell. This talk would focus on using powershell for Client Side Attacks. Powershell is an ideal platform for client side attacks as ...
