A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


The Badmin project: (Na-na-nanana Na-na-nanana BADMIN) Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)

The Badmin project: (Na-na-nanana Na-na-nanana BADMIN)
Derbycon 2012

Web Application Firewall. Network Access Control. Intrusion Detection Systems/Intrusion Preventions Systems. Intrinsic Heuristic Detectioneering Devices, this presentation can exploit them all.

The security industry is awash with device strategies attempting to remediate the most prevalent security issues in a single stroke. In fact, some of the biggest names in security are attempting to squeeze as many buzz words into one platform as possible to lure in the unknowing. This tactic gives them the ability to market any product as a must-have for IT and security professionals, while rudimentary security procedures are routinely overlooked. There is nothing more basic than an admin portal that, due to incompetence or ignorance, has not been fully customized for the application’s needs.

Quick Facts: Default Admin Login Portals are enabled on over a ten million websites currently (stats only for /admin and /admin/login.php)

There are still portals in wide use on the net that God could get into (Yes, even though he wouldn’t be up this late)

Gillis Jones

The Jolly Green Giant of information security, Gillis hails from southern Alabama and currently makes his home in California. Employed at WhiteHat Security in Santa Clara as an Application Security Engineer, He is way too easily amused by insufficient authentication on admin portals and enjoys trudging his way through the most difficult problems in security.
 

Back to Derbycon 2012 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast