[Owasp-phoenix] OWASP Feb 1st Meeting -- SharePoint Hacking - Advanced SharePoint Security Tools and Tips

Pete Roalofs pete.roalofs at owasp.org
Wed Jan 26 15:45:17 EST 2011

 Monthly Meeting - Tuesday February 1st 2011 6:30

*OWASP Phoenix invites you to it's February meeting!*
Tuesday February 1st 2011 6:30 - 7:30 PM at:

University of Advancing Technology 2625 W. BASELINE RD. TEMPE, AZ 85283-1056

The meetings are always free, unfortunately the drinks aren't.

Please forward this announcement to others that may be interested!

Join the mailing list: >>>>


 *SharePoint Hacking - Advanced SharePoint Security Tools and Tips*

*Speaker: *Francis Brown -Stach & Liu


Microsoft SharePoint products and technologies continue to grow in
popularity and have become the core foundation upon which many organizations
have built their web presence. Unfortunately, guidance concerning common
SharePoint security issues tends to be overly complex and often
misunderstood. Ultimately this results in insecurely configured and deployed
SharePoint instances in production environments.

This demonstration rich presentation will cover our newly released
SharePoint hacking tools and techniques that security professionals can
easily use to identify and exploit common insecure configurations in
SharePoint applications. Some of the areas we’ll attempt to tackle are:
• Identifying vulnerable SharePoint applications using public search engines
such as Google and Bing
• Gaining unauthorized access to SharePoint administrative web interfaces
• Exploiting holes in SharePoint site user permissions and inheritance
• Illustrating the dangers of granting excessive access to normal user
• Pillaging Active Directory via insecure SharePoint services
• Attacking 3rd party plugins/code within SharePoint
• And much more…


Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a
security consulting firm providing IT security services to the Fortune 500
and global financial institutions as well as U.S. and foreign governments.
Before joining Stach & Liu, Francis served as an IT Security Specialist with
the Global Risk Assessment team of Honeywell International where he
performed network and application penetration testing, product security
evaluations, incident response, and risk assessments of critical
infrastructure. Prior to that, Francis was a consultant with the Ernst &
Young Advanced Security Centers and conducted network, application,
wireless, and remote access penetration tests for Fortune 500 clients.*

*Francis has presented his research at leading conferences such as InfoSec
World, Black Hat USA, and DEFCON, and has been cited in numerous industry
and academic publications.*

*Francis holds a Bachelor of Science and Engineering from the University of
Pennsylvania with a major in Computer Science and Engineering and a minor in
Psychology. While at Penn, Francis taught operating system implementation, C
programming, and participated in DARPA-funded research into advanced
intrusion prevention system techniques.


Drinks will be found afterward at Doc & Eddies.
Doc & Eddy's, 909 East Minton Drive, Tempe, AZ 85282-7021
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-phoenix/attachments/20110126/7674f2f9/attachment.html 

More information about the Owasp-phoenix mailing list