Websec's participation at Black Hat, CSI and XCon
Roberto Salgado, CTO of Websec, recently had the opportunity to present his current research and knowledge in several new venues this past August. In fact, most of that month was dedicated to participating at Information Security conferences. For a complete list of past and upcoming events where Websec will be participating, please refer to the conferences section. We will be updating this section on a regular basis so please be sure to check back for an upcoming event in your area.
Roberto's journey began with Black Hat in Las Vegas, Nevada on the 1st of August where he gave the talk "') UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Techniques’)%00" which focused on techniques that can be used for optimizing and obfuscating SQL injection attacks. This talk was very well received by attendees who gave it an overall score of 4.40/5.0, including 1 comment which read "This guy is pretty hardcore and awesome presenter".
Figure 1: Roberto talking about his optimized technique for Blind SQL Injections.
After Black Hat in Las Vegas, Roberto did a short detour to Cozumel, Mexico while he waited for his next conference in Colombia. Roberto was chosen to do two separate presentations at Colombia's CSI conference which stands for "Congreso Internacional de Seguridad Informatica" in Spanish or "International Information Security Conference" in English. In his first presentation, attendees were able to experience the same talk Roberto had given at Black Hat, but in their native tongue as Roberto is 100% bilingual. His second presentation was entitled "Hacking like a Boss!", which offered security pentesters different tips and tricks for hacking.
Figure 1: Roberto demonstrating how to make malware undetectable to an antivirus by modifying the signature with IDA.
The last stop was Beijing, China for XCon Information Security Conference where Roberto was one of the four English speakers that were invited. Here Roberto also talked about SQL Injection optimization and obfuscation with the help of a translator who translated the talk into Chinese in real time. Roberto also won a prize at the luck draw, which was held at the closing of the conference. Unfortunately no pictures were allowed inside the conference.
After 15 flights, Roberto was back in Canada and happy to have had the chance to talk at so many great conferences. If you wish to catch Roberto's talk on SQL injection optimization and obfuscation, he will be presenting it at DerbyCon on the 29th of September and at AppSecUSA on the 21st of November.
Websec would like to thank all the organizers of these superb conferences for having given us the opportunity to participate.