[Owasp-phoenix] July meeting

Andrew Wilson a.wilson82 at gmail.com
Fri Jun 18 19:39:27 EDT 2010


This upcoming July we have Mike Brooks coming to discuss attacking LAMP and
techniques to find vulnerabilities.  If you can attend, this is going to be
a great presentation.


Tuesday July 6th 2010 6:30 - 7:30 PM at University of Advancing Technology


I have been writing exploit code for the LAMP platform for over 4 years (
http://www.milw0rm.com/author/677).  I am speaking at the upcoming Defcon 18
and it will be my 4th time speaking there.   I am a mentor and I have the
most points for security answers on stackoverflow.com (The Rook).
According to the DHS I found the most dangerous CSRF vulnerability ever
discovered and it is in the top 1,000 most dangerous vulnerabilities of all
hack to live, live to hack

Since I have been writing exploits for LAMP it has gotten more difficult to
execute arbitrary code. For instance, the introduction of technologies like
AppArmor on a default Ubuntu install and hardened default PHP configurations
have made the process more complex. The applications themselves have gotten
more difficult to exploit each time vulnerabilities are patched. It is
still possible to create wormable exploits by chaining vulnerabilities. In
this talk I will be going over the anatomy of a modern LAMP exploit written
for PHP-Nuke. I will also cover the techniques I used to find these
vulnerabilities as well as methods used in exploit development. The
Register referred to this exploit as an "Apocalyptic Infection" in one of
their articles; this is a great compliment to any security researcher, but I
still prefer my title "masSEXploitation".

Drinks will be found afterward at Doc & Eddy's.

Doc & Eddy's, 909 East Minton Drive, Tempe, AZ 85282-7021

“If I had six hours to chop down a tree, I’d spend the first four of them
sharpening my axe”.

-Abraham Lincoln