Our trip to BSides
Members of the Data Border team travelled to Manchester to immerse themselves in creative approaches to security. The BSides conference is a small and cosy one-day event that prides itself on being highly technical.
Among the highlights for us was James Kettle's logical yet lateral-thinking approach to attacking reverse proxies, which, as he put it, are something you are used to looking through rather than interacting with directly:
"With a suitable payload, some reverse proxies can be manipulated into misrouting requests"
Since then, James has been in the news a few times.
We also liked 'A Year In The Red' by Dominic Chell and Vincent Yiu, who demonstrated how red team tactics are evolving beyond phishing to include a wider variety of methods. They showed a couple of tools that highlight (and take advantage of) vulnerabilities in LinkedIn, Office 365 / Lync and others, which they had found by investigating and thinking laterally.
- [HITB] A Year In The Red