Presentations

War driving has been around for a very, very long time, however it has been missing a few key things. Mainly leather, Judas Priest and Motorcycles. 'Ghost riders in your LAN' is a talk based around overclocking the wardriving game by introducing gasoline, angle grinders, cheap wifi gear and a build price smaller than your slightly more exorbitant weekend bender. This talk is a collaboration between Security-Assessment.com and Stray Rats Custom Motorcycles. I will be covering the details of how to build a wifi-attack-cycle from ground up - from electronics and cheap-and-cheerful heads up displays to the bike modifications required to mount all the tech and look awesome while terrorizing your local neighborhood TP-LINKs. Ride the metal monster, breathing deauth and fire. Closing in with vengeance broadcasting high. This is the WifiKiller.

Timing attacks are relatively well known in the shady recesses of the caves I assume cryptographers hide in. However less is known by us security and hacker folk. I intend to rectify this injustice by answering a simple question - Can a timing attack be used on a remote web app to guess a hashed password faster than a simple brute force attack? To this end I have pondered, coded, tested, sweated, cried, pondered some more, tested, cried again and coded until I have the tool to answer the question! Ha! This talk will outline the tool, the technique, and its limitations. They said it couldn't be done, I say watch my talk and find out.

"Don't roll your own" has been common advice over the past decade; however even when heeding these words, insecure practices and common mistakes lead to glaring security holes. This talk will cover some of the common errors made when implementing applcations based around web frameworks, where to look for vulnerabilities and how to avoid them.