Cognitive and Scientific Brainology

Security - consulting,assessment,research,solutions,penetration tests.
Face - detect,track,recognize,extract features,learn emotions,character animation.

Category: Write-up

AthCon3 2012 Day2, Track1, 18:00-18:50 "Advances in BeEF: RESTful API, WebSockets, XssRays enhancements"

09/19/12 | by zveriu | Categories: Conference, AthCon, Write-up

Download here.

Code:

	`athcon.org`
	`Athens, 3-4 May, 2012`
	`Day2, Track1, 18:00-18:50`
	`"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements",`
	`Michele Orru`

	`"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements"`

	`BeEF`

	`Demo Using the BeEF restuful api`
	`1. beef programatically accessing metasploit`
	`2. injects beef into some victim browser`
	`3. inject an applet, then use the javascript to java communication to ge tthe hava version based on the hdk`
	`4. then in meterpreter sysinfo to get the system info`
	`5. then inject the "execute calc.exe" in the victim's machien thru the injjected java applet`

	`New additions`
	`ajax calls posioning (xml request object is overriding)`
	`the module can have the target+_blank not to lose the victim`
	`getting the Persistence (history) from the civtim vrowsaer`

	`New feature (in a testing branch - to be added soon)`
	`websocket support`
	`currently beef uses XHR, but for speed needs websocket`

	`XHR in beef`
	`pro - works everywhere (ie, chrome)`
	`cons - (TODO)`

	`if beef.browser.hasWebSocket(), don't use XHR pollin, open a websocket channel`
	`support: firefox, chrome, safari, also mozwebsocket`
	`https://github.com/radoen/beef-radoen - the experimental phase`

	`Possibilities with WS`
	`real time VNC like hooked browser control`
	`faster tunneling proxy (fuzzin thru the hooked browser 4-5 times faster)`
	`general faster communication`


	`Demo - BeEF with WS`
	`launch 1000 XHR-polling vs WS-based request`

	`XssRays`
	`originally as pure JS-based XSS scanner, then integarted in beef`

	`xssrays operation`
	`a page with links/forms which do get/post request intra or cross domain`
	`it adds the hidden iframe for each of the requests`
	`if the iframe is loading, then the resource was XSS-vulnerable`
	`it also works CROSS-DOMAINS (respecting the SOP!)`

Leave a comment •

HIP2012 - Overview

07/01/12 | by zveriu | Categories: Conference, Hack In Paris, Write-up

Hack in Paris 2012 and Nuid du Hack 2012 are over - these were quite some nice days !

I would like to first thank the organizers, Sysdream and all the crews, for these two great events.

Hack In Paris is a all-in-all fun event, with great audience and smooth organization!

Nuid de Hack, on the over hand is a crazy gathering of enormous number of people under one roof (literally) and where you have the opportunity to meet from fiercful hard core hackers to pretty creative and constructive robot/cnc-mill makers who will share their great ideas and experience as part of the multitude of workshops taking place during the entire night!

Leave a comment •

AthCon3 2012 - Overview

07/01/12 | by zveriu | Categories: Conference, AthCon, Write-up

AthCon3 (2012) was a pleasant surprise - Kris and Kyp and their crew did a great job putting it all together so nicely!

It was a very technical, 1-track 2-day conference in Athens, or better said in a very nice green&quiet country club right outside of Athens.

I have been surprised also by the following facts:

the audience was mostly young professionals
the number of attendees was pretty impressive for a hacker/security scene which is not much advertising itself
the audience definitely featured a pool of both raw and polished talent which could be a gold mine for headhunters

Leave a comment •

#hitb2012ams - Overview

06/27/12 | by zveriu | Categories: Conference, HITB, HITB-AMS, Write-up

What can be more fun and crazier than Amsterdam? That’s right - HTIB2012 in Amsterdam !

It is over now and I would like to take this opportunity to thank the reviewers and the organizers for providing the chance to meet them and meet other cool presenters and the extraordinary audience!

Special thanks to Dhillon, @fish_, Yuri, Amy - you guys&gals rock!

Leave a comment •