The (Almost) Final Countdown
It's less than a week until Black Hat Europe 2013; do you have your airfare and accommodations squared away? Get on that. In the meantime, today's trio of Black Hat Briefings offers attendees even more tools for the ol' security toolbox.
When something's labeled a "security appliance," there's a very strong implication that it will provide a competent level of protection to the systems it's configured to secure. Ben Williams' interest in security appliances stems from his work for a security appliance manufacturer as well as his current work with NCC Group as a pentester. In Hacking Appliances: Ironic Exploitation of Security Products, Williams will cover common vulnerabilities found across various appliances, and highlight interesting attack vectors through which external attackers can exploit vulnerabilities in appliances to gain control over gateways, firewalls, email and VPN solutions, and access the internal network.
Game devs are pushing out online games at an incredible rate, and many attract thousands upon thousands of players. Needless to say, these are fertile grounds for discovering massive exploits. In Multiplayer Online Games Insecurity, Donato Ferrante and Luigi Auriemma of ReVuln Ltd. will delve into the current status of online game security, including a detailed look at Steam Browser Protocol security and a new 0-day affecting a well-known multiplayer game.
Our last highlighted Briefing today is XML Out-of-Band Data Retrieval, in which web application security specialists Alexey Osipov and Timur Yunusov will lay out a brand-new technique for out-of-band data retrieval. Their technique allows the attacker to access files and resources from a victim's computer and internal network, even when no normal output is possible from the XML-handling application.
Black Hat Europe 2013 will take place March 12-15 at the Grand Hotel Krasnapolsky in Amsterdam. You can follow us on Twitter for updates.