Thanks to Adam Gerstein for reminding me to get off my butt and produce the Def Con 17 CSRF videos in a more streamable format.
Adobe Flash Player required; no, I won't pwn you.
If you'd like to see the whole presentation video, goofy as it may be, it's here.
Be forewarned, it's freaking huge and takes a fat pipe to pull it down in any reasonable amount of time.
The presentation slides are here.
The Dokeos CSRF PoC video is here.
The Linksys CSRF PoC video is here.
The osCommerce CSRF PoC video is here.
Note: Please don't use osCommerce, they still haven't fixed this and probably never will.
BONUS VIDEO (discussed but not shown at Def Con)
The Netgear CRSF PoC video is here (QuickTime and sorta crappy, sorry).
Enjoy.
Cheers.
del.icio.us | digg | Submit to Slashdot
Please support the Open Security Foundation (OSVDB)
Russ McRee's HolisticInfoSec™ includes articles and research, as well as feedback and an occasional rant. HolisticInfoSec™ promotes standards, simplicity, tooling and efficiency in achieving holistic information security.
Subscribe to:
Post Comments (Atom)
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ... -
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho...
1 comment:
FYI, that rxss is still there on ameriprise's site...
http://locator.ameripriseadvisors.com/?zip=%3C&x=15&y=14&page=results&solc_id=19819&vend_cd=ALA&offer_id=%22%3E%3CSCRIPT%3Ealert%28document.cookie%29%3C/SCRIPT%3E
enjoy
Post a Comment