Comments
I enjoyed the session :)
great session
Despite a rough start getting everyone set up with the VM, this was a fun exercise in thinking about being outside the box and finding a way in. Good hands-on session to get one into the mentality of "How can someone break my sh... stuff".
I'm going to have nightmares about image uploads now.
Fantastic tutorial.
David managed to de-mystify a lot of what at first seemed like daunting things. Very good structure of the whole session with nice informative start, let us go at the perfect time, kept holding us in hand just enough and was a good sport with all comments and questions from the audience.
Finished by following through to show how each exploit could have been prevented and explained the cause of it actually being an exploit in a very informative and pedagogical manner.
Most fascinating is how well prepared he came with USB sticks having a working virtualized server all configured with a professional web site built using modern technologies for us to use on our machines. The site at first seemed impenetrable but turned out not being the case thanks to his excellent teaching.
He gave us the whole box to hang on to and promised to give us the slide deck too which would allow us to continue our learning after the session was over. I could not recommend this session more, simply brilliant!
What a great exercise. The best defense in Web Security is to know your enemy!
This tutorial gave us a great look into the mind of hackers out there trying to hax0r our b0xen
Great job! I was really impressed with how everyone helped out in the beginning making sure everyone's VirtualBox was up and running.
Great community!
liked it a lot
Thanks for the great code / ;) Excellent presentation, just looking for the slides
great tutorial! thank you!
Good examples and I liked how you provided an exploitable VM to work with.
Great session.
This presentation was awesome, and notwithstanding the network VM issue, having a VM ready to import was brilliant. However, for someone who is new to hacking, it would have been really helpful if there had been a handout of some sort that showed some common hacks - the same thing that was in the slides - that I could reference while trying various hacks.
The hands-on was really fun, but the theory part felt a bit rushed. Glad we have the slides available.
Interesting overview of some common attack vectors used to create headaches for the world. A great hands-on how to test your sites for these issues. Well done.
Great intro to common vulnerabilities and how to fix them. Thanks!
As a relatively new PHP dev, this was a bit over my head, but, as I found throughout php[tek], helpful neighbors showed me the ropes, for which I'm very grateful.
I came away from the session with a much better understanding of where to look for trouble spots, and a nifty hackable VM to share with my coworkers.