First of all, thanks to Mario Heiderich and Marcus Niemietz for the invitation.
The talk went very well, covering several things:
- communication channels: the default XHR-polling channel, and the new WebSocket channel;
- XssRays integration: new enhancements (works with Webkit-based browsers that use XssAuditor, IE6 to 10);
- abusing Chrome extensions: the Fake Flash Update module coded by Mike Haworth, and a few Chrome extension modules we have in BeEF (like the one you can use to inject the hook in all the open tabs). Imagine the impact of this (see screenshot below, where one of the tabs where the BeEF hook was injected is LinkedIn);
- tunneling proxy: speed/performance enhancements while using WebSockets (4/5x times faster);
- Evasion extension: for the first time, I was presenting the experimental Evasion extension. The aim of the extension is to obfuscate the hook and all code sent to the hooked browsers in order to evade passive regex-based filters. You can define your own obfuscation techniques, specifying in which order they need to be called. Right now we have 3 techniques: scramble (static string substitution, for example you don't see anymore beef in the hook), minify (awesome to save size) and base64. XOR is coming soon.
The talk went well, and as I promised there were a lot of live demos. Actually only one demo was not live. I've played again the Java mass pwner that uses RESTful API scripts, originally presented at AthCon 2012.
After the talk we all went to a GDATA building together with Karsten Tellmann, Felix @fluxfelix and other guys from @fluxfingers . Meeting Udo Strauch, the guy responsible for food and drinks, was a unique event :D His fine selection of rare beers was amazing: he particularly like some rare beers (honestly I didn't know them) from Teo Musso, an italian guy. The beers where really tasty and flavored, ans 8 to 10 percent :D
We were partying hard until late in the night. The next day I met up with Reiners, Tilman Frosch, and partially followed (it was in encrypted German) Felix's awesome lecture about reversing.
To conclude, it was a great time. They really took good care of me. Definitely two non-conventional days for a university seminar. Really recommended to everyone (entrance was free as well of course).
You can enjoy the slides/recording here. This was the first time I could watch the recording of my talk the next day :D
The blog or and best that is extremely useful to keep I can share the ideas
ReplyDeleteof the future as this is really what I was looking for, I am very comfortable and pleased to come here. Thank you very much.
tanki online | 2048 game| tanki online game
Jual Obat Aborsi
ReplyDeleteObat Aborsi
Obat Penggugur Kandungan
Jual Obat Cytotec
Jual Obat Aborsi Ampuh
Jual Obat Aborsi Asli Tuntas
Cara Menggugurkan Kandungan Janin
Obat Aborsi Asli Aman
Obat Aborsi Cytotec
Jual Obat Cytotec
Jual Cytotec Asli
Jual Cytotec
Klinik Obat Aborsi
Jual Obat Aborsi Cytotec
Jual Obat Aborsi Asli Ampuh
Obat Aborsi Asli
Obat Aborsi
Jual Obat Aborsi Asli Manjur
Obat Penggugur Kandungan Ampuh
Jual Obat Aborsi Online
Jual Obat Aborsi Asli Aman
Obat Penggugur Janin
Jual Obat Aborsi Kandungan
Obat Aborsi kandungan
Jual Obat Aborsi Kandungan Asli
Obat Aborsi Cytotec Asli
Jual Obat Aborsi Cytotec Ampuh
Obat Penggugur Kandungan Asli
Jual Obat Cytotec
Jual Obat Cytotec Asli
Jual Cytotec
Klinik Aborsi Aman
Jual Obat Aborsi Asli
Jual Obat Aborsi
Jual Obat Aborsi Asli
Jual Obat Aborsi Asli Ampuh
Jual Obat Aborsi Asli Tuntas
Jual Obat Aborsi Asli Manjur
Obat Penggugur Kandungan Aman
Obat Aborsi
Jual Obat Aborsi Cytotec Asli
Obat Aborsi Asli
Klinik Aborsi
Jual Obat Aborsi Ampuh
Jual Obat Aborsi Cytotec Ampuh
Jual Obat Aborsi Cytotec Asli
Jual Obat Aborsi Tuntas
Jual Obat Aborsi
Obat Aborsi Ampuh
Obat Aborsi
Obat Aborsi Asli Ampuh
Obat Aborsi Penggugur Kandungan