We’ve got some audio from the past Black Hat conference I’ve already talked about over here and here.
Keep in mind that without the slides it will probably sound very boring. Both parts of the presentation can be found here and here.
I finally got some time to write! Anyway, I believe that many of you want to see my Black Hat slides. If you are not aware, we have our Laboratory domain now. The slides have been up since yesterday.
Yes, it is time for a coffee. Unfortunately, it does not look as good as the one from the picture above. The slides can be found here. The next post is all about the QuickTime vulnerability which I partially disclosed over here.
For my Black Hat talk I had to come up with some made-up terms in order to find sensible enough categories in which my material actually fits. So, I will put them all up here for feedback from the audience.
Cross-context Request Forgery
CCRF (Cross-context Request Forgery) is the generalized form of CSRF (Cross-site Request Forgery). Although the general notion is that CSRF only applies to site-to-site types of attacks, the reality is very different. [...]
This is a continuation of my previous post. The reason why GIFARs work (although in my case it was a JPGAR, from JPG + JAR) was explained to me by FX (Recurity Labs) after my talk during the last Black Hat in Amsterdam.
Basically, when you combine GIF/JPG and JAR/ZIP you have a hybrid file which has two heads. The head of the GIF/JPG file is at the top. The head of the JAR/ZIP file is at the bottom. [...]
The Black Hat Europe 2008 event took place on the 27th and 28th of March. In this post, you will be able to find information regarding my talk and research.
My presentation was titled Client-side Security. Here is the abstract:
The event was very interesting and very well organized. I met a lot of people and had very interesting discussions all together. You can download the conference materials from here. The paper is located here and the slides over here. [...]
I am just using the opportunity to let everybody (mainly pals who expect to see me there) know that I am heading off to Black Hat Europe 2008 in Amsterdam (as usual).
Supposedly, there are four full tracks for two days but I can see only two – or is that four tracks for two days – sounds more like it? I am speaking in track two on the first day, first slot, of the event, starting at 10:00 and finishing at 11:15, if everything goes as planned. [...]





