Yet another month of November draws to a close, meaning that another edition of Hackfest, an awesome infosec conference held in Quebec City, just happened. Here is the summary of my 5th presence at the event, which pretty much makes it a tradition by now.

Talks

On the first day of the event, I mostly went to talks and played a bit with the general CTF. Some talks were pretty high-level, on topics such as mobile ad vulnerabilities, physical penetration testing and managing IoT in the enterprise. As a developer, it’s interesting to open my mind to the challenges encountered by others in their field.

Another talk presented the results of a 2-year-long study using honeypots (400+ IPs) to study the behaviour of malicious actors by monitoring processes, network, files, registry and applications. The competition is fierce among these attackers. Once they manage to get into a server, they tend to patch the vulnerability they used so others don’t find it, and they search for other malicious programs to kill them.

Finally, a researcher analyzed many open source web application vulnerability scanners to compare their efficiency and accuracy at finding weaknesses. I was not surprised by the results. Some scanners are better at finding some kinds of vulnerabilities, and they must be properly configured to get the most out of them. I definitely agree with this quote from the presentation: “A fool with a tool is still a fool!”

Workshops

As I said in last year’s summary, I’m adopting a practice-oriented methodology to learn cybersecurity skills. So this year, I decided to spend the entire second day of the conference doing workshops.

The first workshop was about exploiting deserialization to get remote code execution in web applications. We had a brief introduction to the concepts, then a testing environment was available to build and test gadgets (our malicious deserialization payloads) in Java and .NET. We used ysoserial to generate the gadgets and RequestBin, a nifty tool to test our payloads without needing our own infrastructure/server.

The second workshop was an awesome experimentation sandbox hosting a vulnerable WordPress instance. We had to chain multiple vulnerabilities (CSRF -> XSS -> RCE) to ultimately gain root on the server. We were guided by a write-up to help us achieve the different steps, and there were 3 presenters to answer the attendees’ questions.

Once again, I had an amazing experience at Hackfest this year. I learned a ton and met new people from the infosec community! :)