[DeepSec 2015] 50 Shades of WAF

50 Shades of WAF – Exemplified at Barracuda & Sucuri Ashar Javed (Hyundai AutoEver Europe GmbH) This talk will present 50 (25*2) bypasses of Barracuda and Sucuri’s WAF default signatures that deal with Cross-Site Scripting (XSS). 150,000 organizations worldwide including Fortune 1000 companies are using Barracuda while around 10,000 web applications are behind Sucuri’s cloud-based

[DeepSec 2015] File Format Fuzzing in Android – Giving a Stagefright to the Android Installer

File Format Fuzzing in Android – Giving a Stagefright to the Android Installer Alexandru Blanda (Intel Corporation) The presentation focuses on revealing a fuzzing approach that can be used to uncover different types of vulnerabilities inside multiple core system components of the Android OS. The session will focus on exposing the general idea behind this approach and

[DeepSec 2015] How to Break XML Encryption – Automatically

How to Break XML Encryption – Automatically Juraj Somorovsky (Ruhr University Bochum) In recent years, XML Encryption became a target of several new attacks. These attacks belong to the family of adaptive chosen-ciphertext attacks, and allow an adversary to decrypt symmetric and asymmetric XML ciphertexts, without knowing the secret keys. In order to protect XML Encryption

[DeepSec 2015] Hacking Cookies in Modern Web Applications and Browsers

Hacking Cookies in Modern Web Applications and Browsers Dawid Czagan (Silesia Security Lab) Since cookies store sensitive data (session ID, CSRF token, etc.) they are interesting from an attacker’s point of view. As it turns out, quite a few web applications (including sensitive ones like bitcoin platforms) have cookie-related vulnerabilities that lead, for example, to

[DeepSec 2015] Can societies manage the SIGINT monster?

Can societies manage the SIGINT monster? Duncan Campbell (IPTV Ltd) Behind closed doors, ubiquitous surveillance systems have evolved in parallel to and hidden within the global communications infrastructure. Developments in signals intelligence (Sigint) technology and tradecraft have shadowed all new telecommunications developments. Sigint agencies have covertly sought to lead, change, and subvert arrangements that IT