a_lot_of_dreams

galakhov


Framing, implication, idiomatization, ...

...or why it's scary to forget what isn't easy to remember...


Critical papers from blackhat.com... MUST READ!
Here's what just arrived from US 2012:

I would single out these:

"Breaking .NET Through Serialization":
https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf

"Blended Threats and JavaScript":
https://media.blackhat.com/bh-us-12/Briefings/Purviance/BH_US_12_Purviance_Blended_Threats_WP.pdf

"From the Iriscode to the Iris: A New Vulnerability of Iris Recognition Systems":
https://media.blackhat.com/bh-us-12/Briefings/Galbally/BH_US_12_Galbally_Iris_Reconstruction_WP.pdf

"Google Native Client: Analysis Of A Secure Browser Plugin Sandbox":
https://media.blackhat.com/bh-us-12/Briefings/Rohlf/BH_US_12_Rohlf_Google_Native_Client_WP.pdf

"Hacking with WebSockets":
https://media.blackhat.com/bh-us-12/Briefings/Shekyan/BH_US_12_Shekyan_Toukharian_Hacking_Websocket_Slides.pdf

"HTML5 Top 10 Threats - Stealth Attacks and Silent Exploits":
https://media.blackhat.com/bh-us-12/Briefings/Shah/BH_US_12_Shah_Silent_Exploits_WP.pdf

"Owning Bad Guys {& Mafia} with JavaScript Botnets":
https://media.blackhat.com/bh-us-12/Briefings/Alonso/BH_US_12_Alonso_Owning_Bad_Guys_WP.pdf

"Implementing Web Tracking":
https://media.blackhat.com/bh-us-12/Briefings/Fleischer/BH_US_12_Fleischer_Implementing_Web_Tracking_gfleischer_WP.pdf

"HTExploit: Bypassing htaccess Restrictions":
https://media.blackhat.com/bh-us-12/Turbo/Soler/BH_US_12_Katz_Soler_HTExploit_WP.pdf

------------------------------------------------------------

By the way, at EU 2012 there was also quite a lot written about the web (videos are already available there too):

"HTML5 Top 10 Threats Stealth Attacks and Silent Exploits":
http://media.blackhat.com/bh-eu-12/shah/bh-eu-12-Shah_HTML5_Top_10-WP.pdf

"Who am I?":
http://media.blackhat.com/bh-eu-12/shah/bh-eu-12-Shah_HTML5_Top_10-Slides.pdf

"BEYOND SCANNING: AUTOMATED WEB APPLICATION SECURITY TESTING":
http://media.blackhat.com/bh-eu-12/deVries/bh-eu-12-deVries-Beyond_Scanning-Slides.pdf

"They ought to know better: Exploiting Security Gateways via their Web Interfaces":
http://media.blackhat.com/bh-eu-12/Williams/bh-eu-12-Williams-Exploiting_Gateways-Slides.pdf

"Smartphone Apps are not smart":
http://media.blackhat.com/bh-eu-12/Rose/bh-eu-12-Rose-Smartphone_Apps-Slides.pdf

"Hacking XPATH 2.0":
http://media.blackhat.com/bh-eu-12/Siddharth/bh-eu-12-Siddharth-Xpath-Slides.pdf

"SSL/TLS Interception Proxies and Transitive Trust":
http://media.blackhat.com/bh-eu-12/Jarmoc/bh-eu-12-Jarmoc-SSL_TLS_Interception-WP.pdf

"Seccubus: Scan more, work less":
https://media.blackhat.com/bh-eu-12/Arsenal/bh-eu-12-Breedijk-Seccubus-WP.pdf

"The heavy metal that poisoned the droid":
http://media.blackhat.com/bh-eu-12/Erasmus/bh-eu-12-Erasmus-Heavy-Metal_Poisoned_Droid-Slides.pdf

The EU papers are from February-March... Fresh? Nooope... But they do spark ideas...

P.S.: I grabbed a couple of books for myself on IRC:
Syngress_-_Stealing_The_Network_-_How_To_Own_A_Continent_(2004).chm
Google_Hacking_for_Penetration_Testers,_Vol_2_(2008).pdf
Wilhelm_&_Andress_-_Ninja_Hacking;_Unconventional_Penetration_Testing_Tactics_and_Techniques_(2011).pdf
I can share them on Google Drive.
