Extrusion and Web Hacking
- Type
- Paper
- Tags
- covert channel, exploiting, web application, web server
- Authors
- Laurent Oudot
- Event
- Black Hat Abu Dhabi 2010
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-ad-10/Oudot/BlackHat-AD-2010-Oudot-Extrusion-and-Web-Hacking-wp.pdf
- File name
- BlackHat-AD-2010-Oudot-Extrusion-and-Web-Hacking-wp.pdf
- File size
- 549.6 KB
- MD5
- 67c2302d8755a2538cfac8e33b1ad2f2
- SHA1
- 3c7d34f7e08533dea58a8c4b15137176b2ffee9e
This technical talk will focus on web attackers and how they try to handle extrusion issues. Indeed, when intruders get an illegal access on a web resource, it might become complex for them to keep a stealth and remote control without being caught. They usually try to create easy channels that allow them to get the very best from their target. But sometimes, they need to improve those concepts, especially against a hardened or monitored network. Based on real technical examples, we will describe how web attackers can anonymously talk to web backdoors, either by playing with HTTP issues or by finding secret paths to bounce out of DMZ (cover channels, etc). For this presentation to be accurate, we will also propose solutions, so that the defenders might detect or contain those attacks on their sensitive networks.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
