Help Irongeek.com pay for bandwidth and research equipment:
The Badmin project: (Na-na-nanana Na-na-nanana BADMIN) Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)
The Badmin project: (Na-na-nanana Na-na-nanana BADMIN)
Web Application Firewall. Network Access Control. Intrusion Detection
Systems/Intrusion Preventions Systems. Intrinsic Heuristic Detectioneering
Devices, this presentation can exploit them all.
The security industry is awash with device strategies attempting to remediate
the most prevalent security issues in a single stroke. In fact, some of the
biggest names in security are attempting to squeeze as many buzz words into one
platform as possible to lure in the unknowing. This tactic gives them the
ability to market any product as a must-have for IT and security professionals,
while rudimentary security procedures are routinely overlooked. There is nothing
more basic than an admin portal that, due to incompetence or ignorance, has not
been fully customized for the application’s needs.
Quick Facts: Default Admin Login Portals are enabled on over a ten million
websites currently (stats only for /admin and /admin/login.php)
There are still portals in wide use on the net that God could get into (Yes,
even though he wouldn’t be up this late)
The Jolly Green Giant of information security, Gillis hails from southern
Alabama and currently makes his home in California. Employed at WhiteHat
Security in Santa Clara as an Application Security Engineer, He is way too
easily amused by insufficient authentication on admin portals and enjoys
trudging his way through the most difficult problems in security.