This technical talk will focus on web attackers and how they try to handle extrusion issues. Indeed, when intruders get an illegal access on a web resource, it might become complex for them to keep a stealth and remote control without being caught. They usually try to create easy channels that allow them to get the very best from their target. But sometimes, they need to improve those concepts, especially against a hardened or monitored network. Based on real technical examples, we will describe how web attackers can anonymously talk to web backdoors, either by playing with HTTP issues or by finding secret paths to bounce out of DMZ (cover channels, etc). For this presentation to be accurate, we will also propose solutions, so that the defenders might detect or contain those attacks on their sensitive networks.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.