Websec at DEFCON 2009

Websec at DEFCON 2009

Posted on May 03, 2010

In 2009, Websec was proud to participate in DEFCON as a featured speaker. DEFCON is the world's largest and most prestigious computer security/hacker conference, in which participants gather from around the world in Las Vegas to share and discuss newly discovered vulnerabilities and security issues. DEFCON 2009 featured nearly eight thousand attendees and two hundred speakers, marking another year of growth in this its 17th year of existence.

In this year's conference, Websec security researcher Pedro Joaquin presented the long awaited results from his most recent studies regarding residential modem security, Attacks on 2wire Residential Gateways. Pedro was the first to publicly expose a high-impact vulnerability targeting the 2wire model of router. This vulnerability allows DNS poisoning via a cross site forgery request, resulting in authentication bypass and drive-by router pharming.

This vulnerability is particularly troublesome in Mexico, where use of the 2wire router is most prevalent. A subsequent patch designed to rectify the problem was itself flawed and in fact contained the additional, more severe problem of another authentication bypass vulnerability. Pedro's work in discovering and remedying the initial vulnerability, and well as the one contained within the patch, has helped to greatly improve the security of residential systems that utilize the 2wire router.

For additional information: http://www.defcon.org http://www.hakim.ws

Latest Blog Entries

Downloading an Application's Entire Source Code Through an Exposed GIT Directory
Website administrators sometimes inadvertently leave an exposed .git directory, from which it is possible to download the entire source code of the web application using just wget and a common server misconfiguration.

credmap: The Credential Mapper
An overview of credmap, an open source penetration testing tool that automates the process of testing for credential reuse. It does so by testing supplied user credentials on known websites and verifies if the password has been reused on any of these.

New publication: Mastering the Nmap Scripting Engine
We invite you to learn more about the latest publication from our team, "Mastering the Nmap Scripting Engine".

Latest News

Blackhat EU 2015
Websec participated with two tools at the Blackhat, EU Arsenal held in Amsterdam, NL from the 10-13 of November, 2015. During this event, we introduced our brand new tool "credmap: The Credential Mapper" and also presented an amped-up version of Panoptic.

BSides Vancouver 2015
Websec is proud to announce that we will be attending the 3rd annual edition of BSides Vancouver, a local non-profit information security conference held in the heart of Vancouver, BC on March 16 and 17.