Full Disclosure mailing list archives

[TEHTRI-Security] 0days at HITB Amsterdam 2012


From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml () tehtri-security com>
Date: Mon, 13 Feb 2012 11:59:26 +0100

Dear contacts,

During the next "Hack In The Box" event in Amsterdam (22nd & 23rd May
2012), TEHTRI-Security will come again, and propose an updated training
called *Hunting Web Attackers* with offensive cyber weapons shared with
our students.

For example, during the final live hacking exercise, we will show how to
strike back against a team of attackers, thanks to multiple kinds of
0days (hacking: web applications + client-side + network, etc).

Beyond our cyber-weapons against kits used by cyber-criminals (0days
against Zeus, Crimepack, etc), our students will also get more hacking
tricks that can make the difference during asymmetric cyber conflicts.

Examples? We will share 0days that can help bypass a firewall, in
order to pown a remote evil LAN used by cyber-criminals (live demo
shared with students in our lab: bypassing an updated Cisco product).

To get our hacking tricks, do not hesitate to register soon, while seats
are still available. 100% of seats were taken last time.

_HITB Training link_
http://conference.hitb.org/hitbsecconf2012ams/tech-training-1-hunting-web-attackers/

Moreover, if you're interested in *mobile hacking*, we wrote some
lines related to vulnerabilities in the Gmail App on iPhone/iPad. Feel
free to read our thoughts/findings on our blog:

_TEHTRIS Blog link_
http://blog.tehtri-security.com/2012/01/gmail-app-security-issues-on.html

We essentially saw that the famous GX cookie was written in clear-text
on an iOS device, while Apple suggests using Keychain capabilities to
store sensitive information (see Apple devel doc).

According to us, App vendors should do offensive pentests against mobile
applications. This year, we found plenty of vulnerabilities against iOS
apps or MDM infrastructure (hacking thousands of devices).
And we are not the only company feeling this big trouble in the Force,
for IT Security and Mobile stuff.

Best regards,

Laurent Estieux (CTO) & Laurent Oudot (CEO)
TEHTRI-Security - "This is not a Game"
http://www.tehtri-security.com/
@tehtris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/