About Me - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

About Me

Description:

Yes, we are for hire (but we're small) ... PoF. Better Intranet/Localhost lookups/port scanning. De-anon via non HTTP protocols ... – PowerPoint PPT presentation

Number of Views:81
Avg rating:3.0/5.0
Slides: 9
Provided by: seattle4
Category:
Tags: pof

less

Transcript and Presenter's Notes

Title: About Me


1
(No Transcript)
2
About Me
  • RSnake
  • Founded the web application security lab
  • http//ha.ckers.org/ - the lab
  • http//sla.ckers.org/ - the forum
  • SecTheory LLC - http//www.sectheory.com/
  • Boutique Internet Security Consulting
  • Web Application/Browser Security
  • Network/OS Security
  • Yes, we are for hire (but we're small)

3
History
  • Web recon is a lost art except for spammers and
    advertisers
  • Death by 1000 Cutts
  • Loosely based on Black Dragon
  • Designed to do targeted or untargeted attacks
  • Why the name Mr. T?

4
Master Recon-Tool
  • Who wants to see a picture of Mr. T?
  • Throw your hands in the air, like you just dont
    care!

5
Detection/Evasion
  • Its noisy.
  • Its easy to detect.
  • Its easy to evade.
  • But no one will.

6
Bugs
  • Its buggy especially cross browser
  • but thats sort of the point.
  • The internal IP isnt available in JS space
  • yeah, I know.
  • Its slow
  • but not that slow though that could eventually
    be a problem.
  • Itll get patched
  • It has to evolve to be useful its never done.

7
Next Steps
  • Its missing
  • IP to GEO (could leach this from
    AdultFriendFinder)
  • More MHTML stuff
  • Whois (this can be done asynchronously though)
  • PoF
  • Better Intranet/Localhost lookups/port scanning
  • De-anon via non HTTP protocols
  • Enumerate clsids for interesting installed apps
  • ?

8
Questions/Comments?
  • Download it here
  • http//ha.ckers.org/mr-t/mr-t.zip
  • RSnake
  • h_at_ckers.org
  • http//ha.ckers.org/
  • http//sla.ckers.org/
  • XSS Book XSS Exploits and Defense
  • ISBN 1597491543
Write a Comment
User Comments (0)
About PowerShow.com