[Noisebridge-discuss] Security group notes
Micah Lee
micahflee at gmail.com
Mon Oct 26 05:38:59 UTC 2009
I would be into leading a security talk on Thursday night at 8pm about HTTP
session sidejacking, and man-in-the-middle attacks. I think a huge part of
computer security that doesn't at all fall under the "input validation"
category (what we briefly talked about last week) is network traffic
sniffing and manipulation, and so it would be cool to cover it.
I don't have a _whole_ lot of experience actually doing these attacks (so I
might mess up in the demo), but I've been playing with ettercap for MitM
attacks, and hamster and ferret for HTTP session sidejacking at home the
last couple days. I would be into doing a demo that involves MitM'ing a
volunteer (and only that volunteer, no one else on the noisebridge network),
sniffing traffic as they use some authenticated web service like Facebook,
Twitter, etc., and then loading their cookies into my browser to be actively
logged in as them on my computer.
I'd also be happy to show how to set up a dynamic SSH tunnel and configure
Firefox to protect yourself against these attacks in public places.
Micah
On Sat, Oct 24, 2009 at 3:41 AM, Sai Emrys <noisebridge at saizai.com> wrote:
> Root escalation attacks would be neat.
>
> So would a nonsuperficial demo/review of metasploit and how to code for it.
>
> - Sai
>
> SuperDeploy: Capistrano goodness - http://github.com/saizai/superdeploy/
>
>
> On Fri, Oct 23, 2009 at 10:55 AM, John Menerick <john.menerick at gmail.com>
> wrote:
> > I will be more than happy to fill in. Anyone want me to cover a subject
> > of their interest?
> >
> >
> >
> > John
> > irc: liquidsun|
> > url: www.securesql.info
> >
> >
> >
> >
> > aestetix aestetix wrote:
> >> Before I forget to post this...
> >>
> >> Had a fun lecture session last night. Went over XSS and a few other
> >> things. You can find basic notes on the wiki page:
> >> https://www.noisebridge.net/wiki/Security_Group
> >>
> >> I can't make it next week, so anyone wanna fill in?
> >> ------------------------------------------------------------------------
> >>
> >> _______________________________________________
> >> Noisebridge-discuss mailing list
> >> Noisebridge-discuss at lists.noisebridge.net
> >> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >>
> >
> > _______________________________________________
> > Noisebridge-discuss mailing list
> > Noisebridge-discuss at lists.noisebridge.net
> > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20091025/11f8ee24/attachment-0003.html>
More information about the Noisebridge-discuss
mailing list