Johnny Xmas

Johnny Xmas Sam Crowther

Sam Crowther

Sorry About your WAF: Modern Bypass Techniques for Autonomous Attacks

Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, penetration tester or otherwise. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and how to modify/spoof the necessary client environments to bypass nearly all of them using anything from Python Requests to Selenium, Puppet and beyond.

James Arndt

James Arndt

Always Look a Gift (Trojan) Horse in the Mouth

It could be said that the city of Troy needed to update its antivirus or intrusion detection signatures. Maybe they needed to dust off their acceptable use policy on their SharePoint site? Or did their end users need more security training? Didn’t anyone warn the CEO of Troy that it is dangerous to push the “Enable Content” button on strange horses that show up outside the city wall? If only the city of Troy had a citizen that could have torn apart the Trojan Horse to see what was really going on inside.
The same goes for malicious emails. Someone will report a suspicious email because they think it might be malicious. But how bad is it really? Unless you are able to dig into the email and perform a thorough analysis on its attachments, you’ll never know how bad it is, how it behaves, and what it may be trying to contact.
In this talk, attendees will learn various tools and techniques that can be used to thoroughly analyze a malicous attachment and everything that comes after it. In order to get as many stones as possible, we will want to leave no stone unturned. This information can then be used to look for indicators of compromise throughout your environment.