[Owasp-phoenix] OWASP Feb 1st Meeting -- SharePoint Hacking - Advanced SharePoint Security Tools and Tips

Pete Roalofs pete.roalofs at owasp.org
Mon Jan 31 14:58:16 EST 2011


> Monthly Meeting - Tuesday February 1st 2011 6:30
>
> *OWASP Phoenix invites you to it's February meeting!*
> Tuesday February 1st 2011 6:30 - 7:30 PM at:
>
> University of Advancing Technology 2625 W. BASELINE RD. TEMPE, AZ
> 85283-1056
>
> The meetings are always free, unfortunately the drinks aren't.
>
>
> Please forward this announcement to others that may be interested!
>
> Join the mailing list: >>>>
> https://lists.owasp.org/mailman/listinfo/owasp-phoenix
>
> http://www.owasp.org/index.php/Phoenix
>
>
>  *SharePoint Hacking - Advanced SharePoint Security Tools and Tips*
>
> *Speaker: *Francis Brown -Stach & Liu
>
> *
> *
>
> Microsoft SharePoint products and technologies continue to grow in
> popularity and have become the core foundation upon which many organizations
> have built their web presence. Unfortunately, guidance concerning common
> SharePoint security issues tends to be overly complex and often
> misunderstood. Ultimately this results in insecurely configured and deployed
> SharePoint instances in production environments.
>
> This demonstration rich presentation will cover our newly released
> SharePoint hacking tools and techniques that security professionals can
> easily use to identify and exploit common insecure configurations in
> SharePoint applications. Some of the areas we’ll attempt to tackle are:
> • Identifying vulnerable SharePoint applications using public search
> engines such as Google and Bing
> • Gaining unauthorized access to SharePoint administrative web interfaces
> • Exploiting holes in SharePoint site user permissions and inheritance
> • Illustrating the dangers of granting excessive access to normal user
> accounts
> • Pillaging Active Directory via insecure SharePoint services
> • Attacking 3rd party plugins/code within SharePoint
> • And much more…
>
> .
>
> *Bio:**
> Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a
> security consulting firm providing IT security services to the Fortune 500
> and global financial institutions as well as U.S. and foreign governments.
> Before joining Stach & Liu, Francis served as an IT Security Specialist with
> the Global Risk Assessment team of Honeywell International where he
> performed network and application penetration testing, product security
> evaluations, incident response, and risk assessments of critical
> infrastructure. Prior to that, Francis was a consultant with the Ernst &
> Young Advanced Security Centers and conducted network, application,
> wireless, and remote access penetration tests for Fortune 500 clients.*
>
> *Francis has presented his research at leading conferences such as InfoSec
> World, Black Hat USA, and DEFCON, and has been cited in numerous industry
> and academic publications.*
>
> *Francis holds a Bachelor of Science and Engineering from the University
> of Pennsylvania with a major in Computer Science and Engineering and a minor
> in Psychology. While at Penn, Francis taught operating system
> implementation, C programming, and participated in DARPA-funded research
> into advanced intrusion prevention system techniques.
>
> *
>
> Drinks will be found afterward at Doc & Eddies.
> Doc & Eddy's, 909 East Minton Drive, Tempe, AZ 85282-7021
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-phoenix/attachments/20110131/03ac2346/attachment.html 


More information about the Owasp-phoenix mailing list