OFFICIAL CONFERENCE VIDEOS HAVE BEEN RELEASED

HITBSecConf2008 - Malaysia (Day 1)

HITBSecConf2008 - Malaysia (Day 2)

Charl van der Walt (Founder / Managing Director, SensePost Information Security)

Filed under: Main Page — Administrator @ 11:39 am

Presentation Title: Pushing the Camel Through the Eye of a Needle
Presentation Abstract:

Disclaimer: This talk will be as web2.0 correct as possible and will demonstrate healthy network ownage using all of today's cool buzzwords like Ajax, XML, XSRF, XSRT and SOAP.

In 2007 SensePost demonstrated how DNS and Timing attacks could be used for a variety of attacks. This year we take those attacks further and show how small footholds in a target network can be converted into portals we can (and do) drive trucks through! With some updated SensePost tools, and some brand new ones, we will demonstrate how to convert your simple SQL Injection attacks (against well hardened environments) into point and click (well, type and click) ownage, how the framework management pages you never knew you had can double as our network proxies, and why, despite all of the hype around SQL Server 2005, we still enjoy finding it behind vulnerable web applications.

The talk is fairly technical and expects that the attendees understand the basics of Web Application and Web Browser based attacks. Attendees will leave with new attack vectors, a couple of new tools and some thoughts on future directions of these attacks.

About Charl

Charl van der Walt is a founding member and Managing Director of SensePost - a leading international information security services provider and member of the SecureData group. Charl regularly presents courses and lectures for companies, conferences and universities the world over. He is frequently published and has co-authored four different books on information security and computer hacking, including the most recent on Penetration Testing tools and techniques for Syngress Publishing. Charl has a dog called Rabbit.



Event Organizer


Hack In The Box (M) Sdn. Bhd.
