Showing 39 results for: Conferences

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. In October 2014 as part of my talk at the Black...

Touchlogging Part 3 - Final Thoughts

This is the third and final part on the subject of Touchlogging. I do recommend reading part one and part two before reading this final part. The previous parts described the technical details of the touchlogging attacks. In this part,...

Touchlogging Part 2 - Android

This is part two in my Touchlogging series; you can find part one here. In part one, I wrote a little bit about the background and how to intercept touch events on jailbroken iOS. This part will focus on Android....

Touchlogging Part 1 - iOS

Although there have been numerous articles posted, I thought I would write about my recent presentation at the RSA Conference on the subject of touchlogging. Since many people have asked, I got the term touchlogging from this paper. I do...

The Way of the Cryptologist

Right before DEF CON, a friend of mine reached out to me to ask if I would write a crypto challenge for his CTF. While it was a busy time for me, I didn't want to pass up the chance...

Introducing RDI – Reflected DOM Injection

The other day at DEFCON 21 we (Daniel Chechik and Anat Davidi) gave a talk introducing a new technique for delivering exploits by utilizing popular websites. We named the technique RDI, which stands for "Reflected DOM Injection", and we explained...

Fraud, Passwords, and Pwnage on the Interwebz

This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond WA and Security B-Sides Seattle. The combination of some of those talks succeeded in keeping some persistent issues alive in the hopes of finding a solution....

How to Hack and Not Get Caught

The following thoughts on internal network penetration strategies are drawn from "OPFOR 4Ever," which I'll be presenting later this week with my colleague Chris Pogue at Microsoft's BlueHat Security Conference. Network penetration testers love to complain about the unrealistic scope...

Wherever you come from, you can meet BeEF

This year I've been very busy in terms of conferences, and developing/coordinating new features for BeEF. The move to GitHub has been successful: we are receiving many pull requests from our users, and we encourage everyone to do it. If...

The Patsy Proxy: Getting others to do your dirty work

Patsy (slang) - A person easily taken advantage of, cheated, blamed, or ridiculed. My girlfriend (@savagejen) and I will be presenting at Derbycon this year about some research we've done into systems not configured as proxies, but which will pass...

DEF CON 20: French Fry, Pizza, or Rotten Apples?

If you currently do a search online for a female's perspective about DEF CON, everything is coming up sexual harassment. I've been asked a dozen times about my experiences in the past week alone and I can't say anything overly...

Spiders are FUN! Party at DEF CON

Hey folks! This week a fair amount of us (15k) are heading to Vegas for Black Hat / BSides / DEF CON. This year SpiderLabs is having their Party to celebrate the year! Open Bar, and DJs, and a special...