Penetration Testing mailing list archives
Webserver Fingerprinting @ BlackHat
From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: 09 Oct 2002 12:06:44 -0700
Black Hat Singapore 2002 was an excellent event with many great speakers covering highly interesting security subject matter. Now available for immediate download (via http://www.whitehatsec.com/) is the PPT presentation, the WhiteHat Webserver Fingerprinter utility and the CIS Apache Benchmark tool. Presentation: http://www.whitehatsec.com/presentations/Black_Hat_Singapore_2002/BlackHat2002-Singapore.zip WhiteHat Webserver Fingerprinter: http://www.whitehatsec.com/presentations/Black_Hat_Singapore_2002/wh_webserver_fingerprinter.tgz CIS Apache Benchmark: http://www.whitehatsec.com/presentations/Black_Hat_Singapore_2002/CIS_Apache_Benchmark.tgz --------------------------------------------------------------------------- Talk Description: Jeremiah Grossman presented a talk at Black Hat Singapore 2002 on Oct. 3, 2002 entitled " Identifying Web Servers: A First-look Into the Future of Web Server Fingerprinting" Many diligent security professionals take active steps to limit the amount of system specific information a publicly available system may yield to a remote user. These preventative measures may take the form of modifying service banners, firewalls, web site information, etc. These countermeasures lead us to the obvious question; could it STILL possible to determine a web servers platform and version even after all known methods of information leakage prevention have been exhausted (either by hack or configuration)? Proof of concept tools and command line examples will be demonstrated throughout the talk to illustrate these new ideas and techniques. Various countermeasures will also be explored to protect your IIS or Apache web server from various fingerprinting techniques. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Webserver Fingerprinting @ BlackHat Jeremiah Grossman (Oct 10)