Sorry About your WAF: Modern Bypass Techniques for Autonomous Attacks

Johnny Xmas

Sam Crowther

Speaker Bio

Johnny Xmas is a prominent personality in the Information Security community, best known for his work on the TSA Master Key leaks between 2014 and 2018. Currently working with the Australian firm ‘Kasada’ to defend against the automated abuse of web infrastructure, he was previously the lead consultant on Uptake’s Industrial Cybersecurity Platform. Prior to this, he spent many years in the field as a penetration tester, focusing heavily on both the IT and physical security of financial and medical facilities.

Sam Crowther is the CEO and founder of Kasada.io, having started the company at the age of 19. He now leads teams in Australia and the US from his new base in Chicago. While still attending high school, Sam was the first student ever to be given two work placements at the “Australian NSA,” the Australian Signals Directorate. This experience led to a quick placement on the Red Team at Macquarie Group, one of the world’s largest investment banks, before he left to focus full-time on leading Kasada’s efforts to destroy the Internet bot economy.

Presentation

Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, whether that attacker is a penetration tester or not. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and to shut the bot or botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and how the necessary client environments can be modified or spoofed to bypass nearly all of them, using anything from Python Requests to Selenium, Puppet and beyond.