Robert Hansen

Robert “RSnake” Hansen - CEO SecTheory Ltd
• Bespoke Boutique Internet Security
  - Web Application/Browser Security
  - Network/OS Security
  - Advisory capacity to VCs/start-ups
  - http://www.sectheory.com/
• Founded the web application security lab
  - http://ha.ckers.org/ - the lab
  - http://sla.ckers.org/ - the forum

The target is rarely just the www host; every name that serves the brand is in scope:
• http://www.mywebsite.com
• https://www.mywebsite.com
• http://mobile.mywebsite.com
• http://admin.mywebsite.com
• http://mywebsite.akadns.net
• http://mywebsite-api.partner.com
• http://marcom-mywebsite.provider.com
• http://www.google.com/search?q=mywebsite
• dns1.provider.com
• Virtual hosts? Eg: http://www.yoursite.com

• Regulations? Maybe…
• Recovery from a hack? Possibly…
• Fear?
  - Nurses Union
  - Autism

• Automated scanning is repeatable and measurable (at least in theory)
• Less prone to human error in testing
• Automates time-intensive/boring tasks
• Can aid people who otherwise may not be qualified and/or skilled enough to do testing
• Scalable and therefore cheap!

• Some assembly required
  - Still requires a skilled person to operate
• Reports are un-useful
  - Often non-actionable
  - Noisy with informational-only findings
  - Executives can’t read them
• No site-specific tuning of vuln severity
• They aren’t “creative”

• Don’t second-guess yourself: your first instinct is very often the correct one.
• Occam’s Razor, too!
• You can compress 100x the information into an image versus into a sound.

• "Copyright 2003"
• Alexa: http://www.alexa.com/data/details/traffic_details/?q=
• Archive.org: http://www.archive.org/web/web.php
• Whois: http://www.networksolutions.com/whois/index.jsp
• Last-modified date
• Old server + module version #'s

• 2-3 years (2)
• 3-5 years (3)
• 5-10 years (4)
• 10+ years (5)
• For high-traffic targets: after 2-3 years (-1), 3-10 years (-2)

• XSS tests (1)
  - "Company" (does a double quote survive into the page?)
  - I <3 U (does an angle bracket survive unencoded?)
• SQL injection (1)
  - O'Malley (a lone apostrophe: does it break a quoted literal?)
• DoS (.5)
  - a AND b AND c ... (does a long boolean search get slow?)
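The probes on this slide take seconds by hand. What follows is an added example, not code from the deck, that turns them into repeatable checks over a captured response body and scores them with the slide's weights (XSS 1, SQL injection 1, DoS .5). The two sample search pages, the 5x slowdown threshold for the DoS probe and every function name are constructed for this example; the database error strings are real engine messages.

```javascript
// Added example (not from the slides): the quick hand probes as checks over a
// captured response body. Sample pages are constructed; nothing is fetched.

// The probe strings from the slide and what each one exercises.
const PROBES = {
  quote: '"Company"',       // does a double quote survive into an attribute/JS string?
  angle: 'I <3 U',          // does '<' survive into the page unencoded?
  apostrophe: "O'Malley",   // does a lone apostrophe break a quoted SQL literal?
  dos: 'a AND b AND c AND d AND e AND f', // does a long boolean search get slow?
};

function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// How did a reflected probe come back?
function classifyReflection(probe, body) {
  if (body.includes(probe)) return 'reflected-raw';            // input survived verbatim
  if (body.includes(htmlEncode(probe))) return 'reflected-encoded';
  return 'absent';
}

// Error strings a broken quoted literal commonly surfaces.
const SQL_ERROR_SIGNATURES = [
  /You have an error in your SQL syntax/i,                 // MySQL
  /Unclosed quotation mark after the character string/i,   // Microsoft SQL Server
  /ORA-01756/,                                             // Oracle
  /syntax error at or near/i,                              // PostgreSQL
];

function hasSqlError(body) {
  return SQL_ERROR_SIGNATURES.some((re) => re.test(body));
}

// Score with the slide's weights. DoS is judged by comparing the long-AND
// query's time to a one-term baseline; the 5x factor is an arbitrary threshold
// chosen for this example.
function quickScore(obs) {
  const findings = [];
  let score = 0;
  const rawXss = ['quote', 'angle'].filter(
    (k) => classifyReflection(PROBES[k], obs[k]) === 'reflected-raw');
  if (rawXss.length) { score += 1; findings.push(`xss: ${rawXss.join(',')} reflected raw`); }
  if (hasSqlError(obs.apostrophe)) { score += 1; findings.push('sqli: db error on apostrophe'); }
  if (obs.dosMs > 5 * obs.baselineMs) { score += 0.5; findings.push(`dos: ${obs.dosMs}ms vs ${obs.baselineMs}ms`); }
  return { score, findings };
}

// Constructed sample: a search page that echoes the query into an attribute
// without encoding and leaks the database error verbatim.
function searchPageUnsafe(q) {
  if (q.includes("'")) {
    return '<pre>You have an error in your SQL syntax; check the manual ...</pre>';
  }
  return `<input name="q" value="${q}">`;
}

// Constructed sample: the same page with output encoding and a generic error.
function searchPageSafe(q) {
  if (q.includes("'")) return '<p>Sorry, something went wrong.</p>';
  return `<input name="q" value="${htmlEncode(q)}">`;
}

// Collect one observation set: the three reflected probes plus two timings (ms).
function observe(page, baselineMs, dosMs) {
  return {
    quote: page(PROBES.quote),
    angle: page(PROBES.angle),
    apostrophe: page(PROBES.apostrophe),
    baselineMs,
    dosMs,
  };
}

const unsafeResult = quickScore(observe(searchPageUnsafe, 120, 900));
const safeResult = quickScore(observe(searchPageSafe, 120, 140));
console.log(unsafeResult); // { score: 2.5, findings: [ 'xss: ...', 'sqli: ...', 'dos: ...' ] }
console.log(safeResult);   // { score: 0, findings: [] }
```

Against a live site the `page` argument becomes a fetch of the search URL with the probe as the query; the classification and scoring stay the same.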

• Does it exist? Yes (1)
• Email validation and/or CAPTCHA? No? (1-2)
• Password complexity? No? (1)
• Can you choose "admin"? Yes? (1)

• /admin/
• /blog/wp-admin/
• /administrator/
• /adm/
• admin.url.com
• Etc...

Just because you can doesn’t mean you should…

• PHP-Nuke
• WordPress
• Drupal
• Etc... (3/instance)
• +1 for every major revision out of date

• 301/302 redirection (content not viewed): the browser follows the redirect and never renders the response body, but the body is still sent
• Live HTTP Headers vs Burp: a headers-only extension misses that body; a proxy shows it

• First there was CSRF
• Then there was the nonce
• This begat clickjacking

• JavaScript is not required
• Flash & Settings Manager was vulnerable - Fixed, but other desktop/privacy issues may still exist
• IE8.0 persistence - Fixed
• Framebusting code does not work well in IE8.0 Beta - Fixed
• Clicks can be monitored
• Can promote “unlikely” XSS vulnerabilities
• Prior to 1.8.1.9 NoScript was vulnerable - Fixed. Turns out it was actually aiding in certain clickjacking examples
• CSRF protection using nonces can often be overcome
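An added example, not from the deck, of what “framebusting code does not work well” means in practice and what to rely on instead: the script-only one-liner beside a hidden-by-default fallback, and the response headers the browser enforces before any script runs. The handler shape, the transfer form and the fake response object are this example's own; X-Frame-Options (first shipped in IE8) and CSP frame-ancestors postdate the deck.

```javascript
// Added example (not from the slides): framing defenses for a state-changing page.

// The classic one-liner the slide calls unreliable. It runs only if the framed
// document gets to execute script: a framing page can suppress it with
// <iframe sandbox> (without allow-scripts), legacy IE's security="restricted",
// or a beforeunload handler that lets the user cancel the navigation that
// top.location triggers.
const LEGACY_FRAMEBUSTER = 'if (top != self) { top.location = self.location; }';

// A more robust script fallback: ship the page hidden and reveal it only once
// the script proves it is the top window, so a suppressed script leaves
// nothing to click on instead of a fully usable page.
const DEFENSIVE_FRAMEBUSTER = [
  '<style id="cj">body{display:none !important}</style>',
  '<script>',
  'if (self === top) { var s = document.getElementById("cj"); s.parentNode.removeChild(s); }',
  'else { top.location = self.location; }',
  '</script>',
].join('\n');

// The real control is the response header, enforced before any script runs.
// Send both the legacy header and the CSP directive so old and new browsers agree.
function framingDefenseHeaders(policy = 'deny') {
  if (policy === 'sameorigin') {
    return {
      'X-Frame-Options': 'SAMEORIGIN',
      'Content-Security-Policy': "frame-ancestors 'self'",
    };
  }
  return {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "frame-ancestors 'none'",
  };
}

// Wrap a Node-style (req, res) handler so every response carries the headers.
function withFramingDefense(handler, policy = 'deny') {
  return (req, res) => {
    for (const [k, v] of Object.entries(framingDefenseHeaders(policy))) res.setHeader(k, v);
    handler(req, res);
  };
}

// Constructed page: a confirm form, i.e. exactly what a clickjacker overlays.
// The nonce alone does not help: the victim's own browser submits it.
function transferPage(csrfNonce) {
  return `<!doctype html><html><head>${DEFENSIVE_FRAMEBUSTER}</head><body>
<form method="post" action="/transfer">
<input type="hidden" name="nonce" value="${csrfNonce}">
<button type="submit">Confirm transfer</button></form></body></html>`;
}

const protectedHandler = withFramingDefense((req, res) => {
  res.writeHead(200, { 'Content-Type': 'text/html' });
  res.end(transferPage('example-nonce'));
});

// Tiny stand-in for http.ServerResponse so the handler runs without a socket.
function fakeResponse() {
  const headers = {};
  return {
    headers,
    status: 0,
    body: '',
    setHeader(k, v) { headers[k] = v; },
    writeHead(code, h) { this.status = code; Object.assign(headers, h || {}); },
    end(b) { this.body = b || ''; },
  };
}

const res = fakeResponse();
protectedHandler({ method: 'GET', url: '/transfer' }, res);
console.log(res.headers['X-Frame-Options']);      // DENY
console.log(res.body.includes(LEGACY_FRAMEBUSTER)); // false: the weak one-liner is not used
```

To use it with the real `http` module, pass `protectedHandler` to `http.createServer`; the fake response exists only so the example runs stand-alone.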

• Yes, intranet hacking is still possible.
• Yes, it’s still there.
• “I don’t see the point, everything’s still broken.” – Jeremiah Grossman (and yes, I agree). Yet, I still want to talk about it.

• Spaghetti networks
• Is two always better than one?
• RFC1918 is not your friend in VPN world because of IP collisions
• Twins aren’t cute - they’re dangerous.
  - Also obnoxious because it breaks home networks sometimes.
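The “twins” point as an added example that is not part of the deck: a small IPv4 prefix-overlap check between what a VPN client routes to the office and what the local LAN hands out. When both sides use the same RFC1918 block, an internal hostname or a bare IP can land on the wrong network, which is the collision the slide warns about. The prefixes are constructed samples and the helper names are the example's own.

```javascript
// Added example (not from the slides): find RFC1918 collisions between VPN
// routes and a local LAN. Prefixes below are constructed.

function ipToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`bad IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) >>> 0) + (parts[1] << 16) + (parts[2] << 8) + parts[3];
}

function intToIp(n) {
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// Parse "a.b.c.d/bits" into an inclusive unsigned 32-bit range.
function parseCidr(cidr) {
  const [ip, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) throw new Error(`bad prefix length: ${cidr}`);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  const start = (ipToInt(ip) & mask) >>> 0;
  const end = (start | (~mask >>> 0)) >>> 0;
  return { cidr, start, end };
}

const RFC1918 = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'].map(parseCidr);

function isRfc1918(cidr) {
  const r = parseCidr(cidr);
  return RFC1918.some((p) => r.start >= p.start && r.end <= p.end);
}

// Shared address span of two ranges, or null when they do not overlap.
function overlap(a, b) {
  const start = Math.max(a.start, b.start);
  const end = Math.min(a.end, b.end);
  return start <= end ? { start: intToIp(start), end: intToIp(end), count: end - start + 1 } : null;
}

// For each local prefix, which VPN-routed prefixes collide with it? Every hit
// is a block of addresses that may be answered by the wrong network, and that
// a page loaded on one side can address on the other side by IP alone.
function findCollisions(vpnRoutes, localPrefixes) {
  const out = [];
  for (const local of localPrefixes.map(parseCidr)) {
    for (const route of vpnRoutes.map(parseCidr)) {
      const o = overlap(local, route);
      if (o) out.push({ local: local.cidr, vpn: route.cidr, ...o });
    }
  }
  return out;
}

// Constructed sample: the office routes all of 10/8 plus a lab block in
// 192.168.1.0/24; the employee's consumer router also defaults to 192.168.1.0/24.
const VPN_ROUTES = ['10.0.0.0/8', '192.168.1.0/24'];
const HOME_LAN = ['192.168.1.0/24'];
console.log(findCollisions(VPN_ROUTES, HOME_LAN));
// [ { local: '192.168.1.0/24', vpn: '192.168.1.0/24', start: '192.168.1.0', end: '192.168.1.255', count: 256 } ]
```

On a real client the two inputs come from the routing table with the VPN up (the routes it pushed) and the interface address of the LAN adapter; anything this reports is a twin.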

• Intranets
• Internal chat clients
• Mail
• SMB backups

• Malicious JS for every router type + BeEF + IE’s caching + RFC1918 + MITM
• Long-term IP collision router hacking

Robert Hansen [email protected]
• XSS Book: XSS Exploits and Defense (ISBN: 1597491543)
• TBD: “Detecting Malice”
• http://www.sectheory.com
• http://ha.ckers.org/
• http://sla.ckers.org/