 ‘) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniques’)%00 - Roberto Salgado Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)


Description: “This talk will present some of the newest and most advanced optimization and obfuscation techniques available in the field of SQL Injections. These techniques can be used to bypass web application firewalls and intrusion detection systems at an alarming speed. This talk will also demonstrate these techniques on both open-source and commercial firewalls and present the ALPHA version of a framework called Leapfrog which Roberto is developing; Leapfrog is designed to assist security professionals, IT administrators, firewall vendors and companies in testing their firewall rules and implementation to determine if they are an adequate enough defense measure to stop a real cyber-attack. Many of the techniques that will be presented were created by Roberto Salgado and are currently some of the fastest methods of extracting information from a database through SQL Injections. Roberto will demonstrate how to reduce the amount of time it takes to exploit a SQL Injection by over a third of the time it would normally take. He will also demonstrate why firewalls and intrusion detection systems are not the ultimate solution to security and why other measurements should also be implemented.”

Bio: “As an Information Security specialist, Roberto has always been passionate about his line of work and has had several years of experience researching and experimenting in this field. In saying this, Roberto’s expertise is brought forth by his continuing commitment to exploring the cutting edge of today’s security challenges, and finding solutions to these security problems. This driving passion has given him the opportunity to participate and contribute to great projects such as Modsecurity, PHPIDS, SQLMap and the Web Application Obfuscation book. He also created and maintains the SQL Injection Knowledge Base, an invaluable resource for penetration testers when dealing with SQL Injections. In his free time Roberto enjoys creating SQL Injection challenges for both the security community and himself to learn from. Additionally, Roberto enjoys programming in Python and has created projects like Panoptic, a penetration testing tool that automates the search and retrieval of common log and config files through LFI vulnerabilities.”


Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast