Presentation Title: Pushing the Camel Through the Eye of a Needle
Presentation Abstract:

Disclaimer: This talk will be as web2.0 correct as possible and will demonstrate healthy network ownage using all of todays cool buzzwords like Ajax, XML, XSRF, XSRT and SOAP..

In 2007 SensePost demonstrated the how DNS and Timing attacks could be used for a variety of attacks. This year we take those attacks further and show how small footholds in a target network can be converted into portals we can (and do) drive trucks through! With some updated SensePost tools, and some brand new ones, we will demonstrate how to convert your simple SQL Injection attacks (against well hardened environments) into point and click (well, type and click) ownage, how the framework management pages you never knew you had, can double as our network proxies and why despite all of the hype around SQL Server 2005, we still enjoy finding it behind vulnerable web applications.

The talk is fairly technical and expects that the attendees understand the basics of Web Application and Web Browser based attacks. Attendees will leave with new attack vectors, a couple of new tools and some thoughts on future directions of these attacks.

About Charl

Charl van der Walt is a founding member and Managing Director of SensePost - a leading international information security services provider and member of the SecureData group. Charl regularly presents courses and lectures for companies, conferences and universities world over. He is frequently published and has co-authored four different books on information security and computer hacking, including the most recent on Penetration Testing tools and techniques for Syngress Publishing. Charl has a dog called Rabbit.