Public Speaking Archives - 7ASecurity Blog
https://7asecurity.com/blog/
Helping you secure apps and websites
Last updated: Fri, 28 Mar 2025 11:04:29 +0000

Chinese Police and CloudPets slides, video and interview
https://7asecurity.com/blog/2019/12/chinese-police-and-cloudpets-slides-video-and-interview/
Tue, 03 Dec 2019 13:45:07 +0000
NOTE: In 2020, a new talk will substantially improve this one to include an interesting third app and better explain the other ones. In late 2019, I had the privilege of giving a talk and an interview at SEC-T and DeepSec about “Chinese Police and CloudPets”. Basically a summary of highlights from 3 different pentest …

Hacking Mandated Apps – Part 4: How NOT to implement SSL [ MSTG-NETWORK-2 ]
https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-4-how-not-to-implement-ssl/
Wed, 04 Sep 2019 01:14:00 +0000
Part 1: Intro
Part 2: Translating APKs
Part 3: What is SSL? [ MSTG-NETWORK-1 ]
The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-2: The TLS settings are in line with current best practices, or as close as possible if …

Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ]
https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-3-what-is-ssl/
Tue, 03 Sep 2019 00:19:16 +0000
Previous blog posts you might have missed and maybe you would like to read first for background:
Part 1: Intro
Part 2: Translating APKs
The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-1: Data is encrypted on the network using …

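The two posts above (Part 3, MSTG-NETWORK-1, and Part 4, MSTG-NETWORK-2) are about TLS being present and then being configured correctly. As an added example that is not code from the 7ASecurity posts, the block below puts the "how NOT to implement SSL" client configuration (verification switched off to make certificate errors go away) next to a hardened one, and adds a small audit helper of the kind a reviewer runs over an app's TLS setup. It uses only Python's standard library and runs offline; the `cafile` parameter is an assumed caller-supplied path for a private CA, not something from the posts.

```python
"""Added example (not the blog's code): the TLS client anti-pattern next to a
hardened configuration, plus an audit that flags the weak settings.
Standard library only; nothing here opens a network connection."""
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """The classic 'fix' for certificate errors: switch verification off.

    Any certificate is accepted, so whoever sits on the path (hostile Wi-Fi,
    an intercepting proxy) can terminate TLS with their own key and read or
    modify all traffic. This is the pattern to look for in a code review."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # no chain validation at all
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Validate the chain (system store, or a specific CA file), check that the
    certificate matches the host name, and refuse anything below TLS 1.2.

    If the backend uses a private CA, load that CA here (cafile is an assumed
    caller-supplied path) instead of disabling verification."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True + system CAs
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return MSTG-NETWORK-2 style findings for a client context; empty means clean."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: the server certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid certificate for any other host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version is not pinned at TLS 1.2 or higher")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        issues = audit_tls_context(ctx)
        print(f"{name}: {'no findings' if not issues else ''}")
        for issue in issues:
            print("  -", issue)
```

The audit only inspects the context object, so it can be dropped into a unit test for the app's HTTP layer: build the context the app actually uses and assert that `audit_tls_context` returns an empty list, which catches a "temporary" `CERT_NONE` before it ships.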
Hacking Mandated Apps – Part 2: Translating APKs
https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-2-translating-apks/
Mon, 02 Sep 2019 02:41:26 +0000
If you missed Hacking Mandated Apps – Part 1: Intro please start there for background 🙂
Translating APKs in beautiful exotic languages
As explained in the intro, the team did not get access to the sources of the app. We had to first retrieve the APK from a Korean APK download service, decompile the APK and then …

Hacking Mandated Apps – Part 1: Intro
https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-1-intro/
Sun, 01 Sep 2019 06:48:38 +0000
NOTE: This was all coordinated work with human rights activists, vulnerabilities were reported, findings public, and talk (below) given! 🙂
Is monitoring your children something your country’s government asks you to do? Do you feel you need the government’s help to parent your child, technologically? What if I told you there is a country that forced its …

XXE Exposed Webinar Recording and Slides
https://7asecurity.com/blog/2014/07/xxe-exposed-webinar-recording/
Fri, 25 Jul 2014 19:50:00 +0000
In case someone is interested, I had the pleasure of giving a Webinar for eLearnSecurity on Tuesday this week:
Webinar Title: “XXE Exposed”
Summary: Brief coverage of Web Service Types, SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired by the “Practical Web Defense” (PWD) style of pwnage + …

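The webinar summary above names XXE (XML External Entity) attacks and their mitigation without room to show one. As an added example that is not the webinar's code, the block below runs the classic XXE file-disclosure payload against Python's standard-library SAX parser twice: once with external general entity resolution enabled (the vulnerable configuration, which fetches whatever SYSTEM identifier the document names and splices it into the parsed content) and once with the default, where the entity is left unresolved. The "secret" file and the payload are constructed by the example itself so it runs offline; no real target or path is involved.

```python
"""Added example (not the webinar's code): XXE file disclosure against the
stdlib xml.sax parser, with external entity resolution on and off.
Runs offline; the secret file is created and removed by the example."""
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects all character data the parser emits, i.e. what an application
    would store, process or echo back to the attacker."""

    def __init__(self) -> None:
        super().__init__()
        self.parts = []

    def characters(self, content: str) -> None:
        self.parts.append(content)

    def text(self) -> str:
        return "".join(self.parts)


def parse_xml(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse untrusted XML and return its text content.

    resolve_external_entities=True is the vulnerable setting: the parser opens
    the SYSTEM identifier of any external general entity (local files here;
    on a real network also http:// URLs, i.e. SSRF) and inlines the result.
    False is the stdlib default and leaves the entity unresolved."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def xxe_demo():
    """Plant a secret file, submit an XXE payload referencing it, and return
    what the application sees under each parser configuration."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("SECRET-TOKEN-12345")  # constructed stand-in for /etc/passwd or a config file
        secret_path = fh.name
    try:
        # Constructed attacker payload: DOCTYPE declares an external entity
        # pointing at a local file, then the body references it.
        payload = (
            '<?xml version="1.0"?>\n'
            f'<!DOCTYPE order [<!ENTITY leak SYSTEM "{pathlib.Path(secret_path).as_uri()}">]>\n'
            "<order><item>&leak;</item></order>"
        ).encode()
        leaked = parse_xml(payload, resolve_external_entities=True)
        safe = parse_xml(payload, resolve_external_entities=False)
        return leaked, safe
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, safe = xxe_demo()
    print("external entities ON :", repr(leaked))
    print("external entities OFF:", repr(safe))
```

The mitigation is the single parser setting, which is why XXE reviews start with "what does this parser do with a DOCTYPE?" rather than with input validation: the stdlib default shown here is safe, but other parsers (lxml's `XMLParser`, for example) resolve entities by default, so the check has to be made against the parser the application actually uses.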
AppSec EU: OWASP OWTF Summer Storm slides, demos and Plug-n-Hack support!
https://7asecurity.com/blog/2013/08/appsec-eu-owasp-owtf-summer-storm/
Sun, 25 Aug 2013 20:15:00 +0000
UPDATE 04/09/2013: Added link to AppSec EU video
UPDATE 26/08/2013: Added Plug-n-Hack support link.
OWASP AppSec EU 2013 and HackPra AllStars were both a blast this week: I would like to use this opportunity to let you know that: OWASP OWTF is always actively looking for contributors, bug reports / ideas. The slides for the …

GSoC + Pentesting like a Grandmaster: Slides, Demos, Video
https://7asecurity.com/blog/2013/04/gsoc-pentesting-like-grandmaster-slides/
Thu, 25 Apr 2013 14:43:00 +0000
Pentesting like a Grandmaster materials – BSides London 2013
UPDATE: 2013-07-28 – Added link to BSides London talk interview
NOTE: Will update the post as soon as video is available, only slides and demos for now 🙂
BSides London 2013 was a blast as in previous years, I received a lot of good feedback during the …

VSA: The Virtual Scripted Attacker, Slides online
https://7asecurity.com/blog/2013/02/vsa-virtual-scripted-attacker-slides/
Wed, 20 Feb 2013 12:41:00 +0000
At Brucon 2012 I had the privilege to present and demo VSA, the Virtual Scripted Attacker, a tool I had been working on with a great team of very talented people for a number of months. The talk was only 5 minutes long (a Lightning talk) so the presentation is brief. VSA is the first …

OWASP OWTF BruCon 2012 Workshop slides, code, demos
https://7asecurity.com/blog/2012/10/owasp-owtf-brucon-2012-workshop-slides/
Mon, 01 Oct 2012 12:36:00 +0000
Here are a few links if you want to download the materials from the OWASP OWTF BruCon 2012 workshop that happened last week in Ghent, Belgium:
– The slides are now online in slideshare
– The demos, code and slides PDF can be downloaded from either of these:
  The OWTF Project Github page
  The BruCon …
