| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
This talk is going to be centered around Yasuo, an open,source
vulnerable application scanner purely written in Ruby, that we
will be releasing at the conference. If you search through
Exploit,db, there are over 10, 000 remotely exploitable
vulnerabilities that exist in tons of web applications and could
allow an attacker to completely compromise the back,end
server. These vulnerabilities range from RCE to malicious
file uploads to SQL injection to LFI and so on. We often talk
about exploiting JBoss jmx,console, Apache tomcat manager
but that’s just scratching the surface. A random wise man
once said, It’s not about what, it’s about where. With all the
modern network protections these days, a smart hacker,
good or bad, is always looking for that one IP, one port, one
application that could be exploited to penetrate through the
network. Yasuo is built to quickly scan the network for such
vulnerable applications thus serving pwnable targets on a
silver platter. During this talk, we will elaborate on the develop
,
ment of Yasuo, the problem, the challenges and how it can be
effective in hacking an organization in the real,world scenario
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast