Our trip to BSides
Members of the Data Border team travelled to Manchester to immerse themselves in creative approaches to security. The BSides conference is a small and cosy one-day event that prides itself on being highly technical.
Among the highlights for us was James Kettle's logical yet lateral-thinking approach to attacking reverse proxies, which, as he put it, are something you are used to looking through rather than interacting with directly:
"With a suitable payload, some reverse proxies can be manipulated into misrouting requests"
Since then, James has been in the news a few times.
We also liked 'A Year In The Red' by Dominic Chell and Vincent Yiu, who demonstrated how red team tactics are evolving beyond phishing to include a wider variety of methods. They showed a couple of tools that highlight (and take advantage of) vulnerabilities in LinkedIn, Office 365 / Lync and others, which they had found by investigating and thinking laterally.
- [HITB] A Year In The Red
There are 3 comments
Couldn't agree more - James' approach is an inspiration to try unusual ways to get around protections.
It shows that even systems designed to be an important security boundary haven't had care and attention given to how they could be misused.
Thanks - here's a link back to the conference material: B-Sides Official.