In the early 1990s, after communism collapsed and internet arrived in Romania, the Politehnica University of Bucharest hosted some of the world’s greatest hackers at the time. Late at night, they bribed the doorkeeper with cheap vodka to let them enter the ED011 computer lab. Quietly, with their computer screens dimmed, they challenged themselves to hack NASA, the Pentagon, and the US Army. The 1990s were romantic times in the history of hacking. Back then, the focus was on discovering with minimum resources. Hackers usually wanted to learn and to test themselves, not to spy, steal secrets or make money.
Bogdan Simion & Dumitra Dragos
Andrei Cotaie & Tiberiu Boros
Command-line interface is frequently used by users, system administrators and applications alike. Many software products launch console script to perform certain tasks, such as check system details or resources (‘net’, ‘wmic’), manage firewall rules, register services and so on. Needless to say, that not all script patterns are common for all applications. As part of the security team, experts log these commands and periodically review them to detect abnormal scripts or command lines that are launched by the applications. Right now, the review process is driven by the expert’s intuition to search through logs for certain patterns and conduct a proactive investigation by reviewing all activity from the previous period, depending on occurrence. Detecting malicious command line executions can be rephrased as a standard anomaly detection machine learning (ML) task by simply combining Clustering and Auto-encoding techniques.
The modern era of digital space is complex, varied and sophisticated. There are new types of malwares, new methods for gaining access, new intelligent threats. Modern attacks like Advanced Persistent Threats (APT) target specific individuals and institutions with the aim to steal sensitive high-value information and user identities. This presentation aims to provide serveral points of action against new threats.
XSS Fuzzer is a tool available as a single HTML web page which allows users to generate XSS payloads based on user-defined vectors and multiple placeholders which are replaced with user-defined lists. The tool can be used in multiple scenarios, including finding new XSS vectors or bypassing Web Application Firewalls. Also, it can be useful for non-XSS related scenarios as well.
The best time to talk with speakers and attendees
Ioan Iacob & Marius Bucur