BitSensor - How and when to start a business

Posted on 26-Jan-2017


transcript

RUBEN VAN VREELAND
Hacking CEO

How and when to start a business

9 months is the time it takes companies to find out they have been hacked. Let's change that to 50 milliseconds.

https://haveibeenpwned.com/

DEMO

Building BitSensor through collaboration

WHY NOW?

$allowed = array('gif', 'png', 'jpg'); // Allowed extensions
$filename = $_FILES['image']['name'];
// Drop the base name and keep every dotted part, so "shell.php.jpg"
// yields array('php', 'jpg') and the double extension is caught too
$exts = array_slice(explode('.', $filename), 1); // Get extensions

foreach ($exts as $ext) {
    if (!in_array($ext, $allowed)) {
        // Tripwire: raise a PHP error that the error log / collector picks up.
        // trigger_error() does not abort the request by itself; the caller
        // still has to reject the upload.
        trigger_error("Disallowed file format on upload");
    }
}

PHP ERROR: Disallowed file format on upload


GET /integration-guide/content/gitbook/plugins/gitbook-plugin-search/search.js HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Accept-Language: nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4

"input": { "http.get.b": "<script>alert(1)" }

Code Tripwire

Correlation

Input Analysis

Log analysis

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
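The three slides above sketch a pipeline: tag suspicious request input (the "http.get.b" key holding "<script>alert(1)"), tag error lines in the application log (the MySQL syntax error, the upload tripwire), and correlate the two so that malicious input followed by an error it caused becomes a confirmed hit rather than two separate warnings. The script below is an added example written for this page; it is not BitSensor's code. The raw request, the log lines, the ISO-timestamp log format, the 5-second correlation window and the small signature lists are all constructed assumptions for the demonstration.

```python
"""Input analysis, log analysis and correlation of the two in one pass."""
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qsl

# Constructed sample input (not captured from any real system): one request
# with headers, its arrival time, and a few log lines with ISO timestamps.
RAW_REQUEST = (
    "GET /search.js?q=test&b=<script>alert(1) HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Accept-Language: nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4\r\n"
    "\r\n"
)
REQUEST_TIME = datetime(2017, 1, 26, 10, 0, 0)

LOG_LINES = [
    "2017-01-26T10:00:00 PHP Warning: Disallowed file format on upload in upload.php on line 12",
    "2017-01-26T10:00:01 MySQL: You have an error in your SQL syntax; check the manual that "
    "corresponds to your MySQL server version for the right syntax to use near ''' at line 1",
    "2017-01-26T11:30:00 PHP Notice: Undefined index: foo in index.php on line 3",
]

# Signature sets are assumptions for this example; a real engine carries far
# more of them and tunes them per application.
INPUT_SIGNATURES = {
    "xss": re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.I),
    "sqli": re.compile(r"['\"]\s*(?:or|and)\s|union\s+select|--\s*$", re.I),
    "traversal": re.compile(r"\.\./"),
}
LOG_SIGNATURES = {
    "sql_syntax_error": re.compile(r"error in your SQL syntax", re.I),
    "upload_tripwire": re.compile(r"Disallowed file format on upload"),
}
LOG_LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<msg>.*)$")


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, query params and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    params = dict(parse_qsl(query, keep_blank_values=True))
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "params": params, "headers": headers}


def analyse_input(req):
    """Input analysis: tag every parameter that matches an attack signature.
    Keys follow the slide's naming, e.g. 'http.get.b' for GET parameter b."""
    hits = {}
    for name, value in req["params"].items():
        tags = [tag for tag, rx in INPUT_SIGNATURES.items() if rx.search(value)]
        if tags:
            hits[f"http.{req['method'].lower()}.{name}"] = {"value": value, "tags": tags}
    return hits


def analyse_logs(lines):
    """Log analysis: return (timestamp, tag, message) for lines that look like
    the side effects of an attack (SQL syntax errors, tripwire errors)."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group("ts"))
        for tag, rx in LOG_SIGNATURES.items():
            if rx.search(m.group("msg")):
                events.append((ts, tag, m.group("msg")))
    return events


def correlate(raw_request, request_time, log_lines, window=timedelta(seconds=5)):
    """Join the two stages: log events within `window` of the request are
    attributed to it. Malicious input plus an error it caused is 'confirmed';
    either signal on its own is only 'suspicious'."""
    req = parse_request(raw_request)
    input_hits = analyse_input(req)
    errors = [
        {"at": ts.isoformat(), "tag": tag, "message": msg}
        for ts, tag, msg in analyse_logs(log_lines)
        if abs(ts - request_time) <= window
    ]
    if input_hits and errors:
        verdict = "confirmed"
    elif input_hits or errors:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"path": req["path"], "input": input_hits, "errors": errors, "verdict": verdict}


if __name__ == "__main__":
    import json
    print(json.dumps(correlate(RAW_REQUEST, REQUEST_TIME, LOG_LINES), indent=2))
```

Run as a script it prints the alert as JSON; the notice at 11:30 falls outside the window and is not attributed to the request. The time-window join is the simplest correlation key; a production engine would rather carry a request id from the web tier into the application's error output so that concurrent requests cannot be confused.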

$allowed = array('gif', 'png', 'jpg'); // Allowed extensions
$filename = $_FILES['image']['name'];
$exts = array_slice(explode('.', $filename), 1); // Get extensions

foreach ($exts as $ext) {
    if (!in_array($ext, $allowed)) {
        trigger_error("Disallowed file format on upload");
    }
}

require_once 'phar://bitsensor.phar';

DEMO

HOW DO WE SELL?