23
RUBEN VAN VREELAND Hacking CEO How and when to start a business
| Date post: | 26-Jan-2017 |
| Category: |
Software |
| Upload: | it-talent-college |
| View: | 78 times |
| Download: | 0 times |
RUBEN VAN VREELANDHacking CEO
How and when to start a business
9 months is the time it takes companies to find out they
have been hacked.Lets change that to 50
milliseconds.
https://haveibeenpwned.com/
DEMO
Building BitSensor trough collaboration
WHY NOW?
$allowed = array('gif', 'png', 'jpg'); //Allowed extensions $filename = $_FILES['image']['name']; $exts = array_slice(explode('.', $filename), 1); //Get extensions
foreach ($exts as $ext) { if(!in_array($ext,$allowed) ) { trigger_error("Disallowed file format on upload"); } }
PHP ERROR: Disallowed file format on upload
foreach ($exts as $ext) { ` if(!in_array($ext,$allowed) ) { trigger_error("Disallowed file format upload"); } }
GET /integration-guide/content/gitbook/plugins/gitbook-plugin-search/search.js HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36Accept-Language: nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
"input": { "http.get.b": "<script>alert(1)" }
Code Tripwire
Correlation
Input Analysis
Log analysisYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
$allowed = array('gif', 'png', 'jpg'); //Allowed extensions $filename = $_FILES['image']['name']; $exts = array_slice(explode('.', $filename), 1); //Get extensions
foreach ($exts as $ext) { if(!in_array($ext,$allowed) ) { trigger_error("Disallowed file format on upload"); } }
require_once 'phar://bitsensor.phar';
DEMO
HOW DO WE SELL?
