Friday, March 23, 2012

CPE: McAfee AudioParasitic: Episode 17 Offensive side of Security

length:  00:28:59
Special guess Dave Aitel from Immunity – originally from @stake before NIST

Offensive side – security company that provide security tool to test

CANVAS  - penetration testing framework

I want to write exploit for living…we like to find exploits we like to find vulnerability – we like to get paid for it

They made unmask because the code is bad
They are group who targeted sw made by immunity
They found cool cross side scripting

You could attack Canvas quite successfully, surprisingly they have not receive any reporting of vulnerability

Who is the new Britney Spears? It’s the iPhone
Google phone – they want to be the windows of content

Biggest problem: ppl think about deployment then security…

Gmail- why we have to host our own mail server?

Web security analysis – the bet way is NOT to reply on scanner BUT to look at the SQL API to check if there is any vulnerability…
That’s why the debugger become the agent.

One day: agent become analyzer – find -  fix – BUT not feasible as target keep on moving.

Microsoft should be in a VM!!

VM is a tool that McAfee use a lot  - a lot of time when the malware realized  that is in VM environment – it shuts down..

CANVAS – potentially the tool can be used to penetrate, but not the best tool to help the bad guys..

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home