ADS-B research was worth it!
ICAO to create Cyber Security Task Force (CSTF) - Our research is mentioned as key points!
Thanks to Aimee Turner for notifying us.
Errata: In the above PDF, it is wrongly mentioned “Dr. Andrei Costin” - wish I. It’s still a long way; until then it should read “PhD candidate”.
Code:
athcon.org
Athens, 3-4 May, 2012
Day2, Track1, 18:00-18:50
"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements",
Michele Orru

BeEF

Demo using the BeEF RESTful API
1. BeEF programmatically accessing Metasploit
2. injects BeEF into some victim browser
3. inject an applet, then use the JavaScript-to-Java communication to get the Java version based on the JDK
4. then in meterpreter, sysinfo to get the system info
5. then inject the "execute calc.exe" in the victim's machine through the injected Java applet

New additions
AJAX calls poisoning (the XML request object is overridden)
the module can have target=_blank so as not to lose the victim
getting the persistence (history) from the victim browser

New feature (in a testing branch - to be added soon)
WebSocket support
currently BeEF uses XHR, but for speed it needs WebSocket

XHR in BeEF
pro - works everywhere (IE, Chrome)
cons - (TODO)

if beef.browser.hasWebSocket(), don't use XHR polling, open a WebSocket channel
support: Firefox, Chrome, Safari, also MozWebSocket
https://github.com/radoen/beef-radoen - the experimental phase

Possibilities with WS
real-time, VNC-like hooked browser control
faster tunneling proxy (fuzzing through the hooked browser 4-5 times faster)
generally faster communication

Demo - BeEF with WS
launch 1000 XHR-polling vs WS-based requests

XssRays
originally a pure JS-based XSS scanner, then integrated in BeEF

XssRays operation
a page with links/forms which do GET/POST requests intra- or cross-domain
it adds a hidden iframe for each of the requests
if the iframe is loading, then the resource was XSS-vulnerable
it also works CROSS-DOMAIN (respecting the SOP!)
Hack in Paris 2012 and Nuit du Hack 2012 are over - these were quite some nice days!
I would like to first thank the organizers, Sysdream and all the crews, for these two great events.
Hack In Paris is an all-in-all fun event, with a great audience and smooth organization!
Nuit du Hack, on the other hand, is a crazy gathering of an enormous number of people under one roof (literally), where you have the opportunity to meet everyone from fierce hard-core hackers to pretty creative and constructive robot/CNC-mill makers who will share their great ideas and experience as part of the multitude of workshops taking place during the entire night!
AthCon3 (2012) was a pleasant surprise - Kris and Kyp and their crew did a great job putting it all together so nicely!
It was a very technical, 1-track 2-day conference in Athens, or better said in a very nice green&quiet country club right outside of Athens.
I have been surprised also by the following facts: