Thursday, August 8, 2013

DEF CON 21 / Evolving Exploits Through Genetic Algorithms / Updated slides

I made significant changes between when the CD was created for the DEF CON attendees and when I actually gave the presentation. Attached is the version I used during the talk:
Please note that the statistics associated with the various web scanners were gathered over a series of 10 trials (5 SQLi and 5 command injection) using various vulnerable web pages.  As an addendum, I'm not the most proficient Burp user (I claim no significant proficiency / wizardry), so the extensive number of queries I reported in the charts could likely be reduced by a more educated user of the tool in question.  My approach when gathering the data was to configure a given tool such that the following held true, in order of priority:
  • The primary concern is that the scanning tool runs without manual interaction
  • The secondary concern in tool configuration is that it produces a working exploit (if the tool allows for such)
  • The tertiary concern is vulnerability identification
  • The quaternary concern is stealth (i.e., the fewest requests per unit of time)
Hopefully that should provide a better context for the results presented in the slides.

-soen

Wednesday, August 7, 2013

DEF CON 21 / Forced Evolution

Thanks to the Goons who gave me whiskey during my talk at DEF CON, it was a welcome interruption!

Well, now that the conference is over, life is beginning to resume the slower pace of just a mild panic.  I'm a fair bit behind on a number of articles I was planning on posting, namely:

  1. Posting my updated slides on Forced Evolution
  2. ShakaCon 5 challenge write ups (as well as posting them to the CTF repo)
  3. Forced Evolution revised code (which is significantly cleaner and easier to use than the current version at https://github.com/soen-vanned/forced-evolution)
  4. Forced Evolution documentation / white paper, laying out my reasons for the fitness functions I did and did not use, the tweaks to the other settings made in an attempt to avoid local (sub-optimal) solutions, and the roadmap for the future of the tool.
  5. Publish / CVE stamp the ~6 blind-SQL 0days I found in the days leading up to DEF CON in a futile attempt to drop a non-blind-SQLi during my talk
So, as the weekend approaches, you can expect some progress to be made on the aforementioned articles :)

-soen