Source Boston 2010: Cracking the Foundation: Offensive WCF Web Services 4.5
Speaker
Clip 05/04: Brian Holyfield of Gotham Digital Science hacking a Web service in general is not rocket science. But what will be, if the Web service messages sent using a binary protocol necessary? And if there is a message level requires encryption, but you do not have a key? These are some common scenarios you’re likely to encounter when they try to create a Web service using Windows Communication Foundation (WCF), built for the attack. Through a series of live demonstrations will show the presentation, how to recognize and attack the WCF web services and discuss useful tools and tips to facilitate testing of WCF services. Participants will leave with the skills necessary to effectively carry out penetration test against WCF apps. The following demonstrations will be performed live (time permitting): – Burp Plug-in for messages from WCF Binary SOAP (MC-NBFS) – De-compilation of Silverlight XAP to receive data Meta WCF – Crafting Meta Data Exchange (MEX) The application for the recovery of WCF meta-data – communication using WCF with WS-S Message Encryption Anonymous – create your own WCF Test Client (in less than 10 lines of code) – TCP port sampling by WCF duplex callback channels Presentation Outline: 1. Overview of Silverlight 2 WCF, WCF, Web Services 2. MC NBFS Protocol 2b. Get meta data for WCF 2c. Analyze Insurance WCF Silverlight XAP third 3rd Binding. WS-S Message Encryption 3b. Customers fourth custom WCF services WCF duplex fourth. Channels Offensive Call Back for more information and presentation …
Rating video: 0 / 5
clip
5.5 Speaker: Brian Holyfield of Gotham Digital Science hacking a Web service in general is not rocket science. But what will be, if the Web service messages sent using a binary protocol necessary? And if there is a message level requires encryption, but you do not have a key? These are some common scenarios you’re likely to encounter when they try to create a Web service using Windows Communication Foundation (WCF), built for the attack. Through a series of live demonstrations will show the presentation, how to recognize and attack the WCF web services and discuss useful tools and tips to facilitate testing of WCF services. Participants will leave with the skills necessary to effectively carry out penetration test against WCF apps. The following demonstrations will be performed live (time permitting): – Burp Plug-in for messages from WCF Binary SOAP (MC-NBFS) – De-compilation of Silverlight XAP to receive data Meta WCF – Crafting Meta Data Exchange (MEX) The application for the recovery of WCF meta-data – communication using WCF with WS-S Message Encryption Anonymous – create your own WCF Test Client (in less than 10 lines of code) – TCP port sampling by WCF duplex callback channels Presentation Outline: 1. Overview of Silverlight 2 WCF, WCF, Web Services 2. MC NBFS Protocol 2b. Get meta data for WCF 2c. Analyze Insurance WCF Silverlight XAP third 3rd Binding. WS-S Message Encryption 3b. Customers fourth custom WCF services WCF duplex fourth. Channels Offensive Call Back for more information and presentation …
Source Boston 2010: Cracking the Foundation: Attacking WCF Web Services 2/5
Clip 2/5 Speaker: Brian Holyfield, Gotham Digital Science Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key? These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and discuss useful tools and tips to make testing WCF services easier. Attendees will leave with the knowledge necessary to effectively conduct penetration testing against WCF applications. The following live demonstrations will be conducted (time permitting): – Burp Plug-in for WCF Binary Soap Messages (MC-NBFS) – De-compilation of Silverlight XAP for obtaining WCF Meta Data – Crafting Meta Data Exchange (MEX) Requests for Retrieving WCF Meta Data – Communicating with WCF using WS-S Anonymous Message Encryption – Writing a Custom WCF Test Client (in less than 10 lines of code) – TCP Port Probing through WCF Duplex Callback Channels Presentation Outline: 1. WCF Overview 2. Silverlight WCF Web Services 2a. MC-NBFS Protocol 2b. Obtaining Meta Data from WCF 2c. Analyzing Silverlight XAP 3. Secure WCF Binding 3a. WS-S Message Encryption 3b. Custom WCF Clients 4. WCF Duplex Services 4a. Attacking Callback Channels For more information and presentation …
Video Rating: 0 / 5
Shmoocon 2010: Cracking the Foundation: Attacking WCF Web Services 5/5
Clip 5/5
Speaker: Brian Holyfield
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key?
These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services.
For more information go to: http://bit.ly/ayh0xT
Duration : 0:7:58
Shmoocon 2010: Cracking the Foundation: Attacking WCF Web Services 4/5
Clip 4/5
Speaker: Brian Holyfield
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key?
These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services.
For more information go to: http://bit.ly/ayh0xT
Duration : 0:10:0
Shmoocon 2010: Cracking the Foundation: Attacking WCF Web Services 3/5
Clip 3/5
Speaker: Brian Holyfield
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key?
These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services.
For more information go to: http://bit.ly/ayh0xT
Duration : 0:10:0
Shmoocon 2010: Cracking the Foundation: Attacking WCF Web Services 2/5
Clip 2/5
Speaker: Brian Holyfield
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key?
These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services.
For more information go to: http://bit.ly/ayh0xT
Duration : 0:10:0
Shmoocon 2010: Cracking the Foundation: Attacking WCF Web Services 1/5
Clip 1/5
Speaker: Brian Holyfield
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key?
These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services.
For more information go to: http://bit.ly/ayh0xT
Duration : 0:10:0
RSA Encryption and Decryption : DigInfo
DigInfo – http://movie.diginfo.tv
Cryptology has grown from the simple to the increasingly complex but it’s main function still remains the same- to send a message safely and securely. With computers comes increasingly powerful encryption technology required to maintain this security.
RSA is currently the most popular algorithm (or mathematical formula) for public-key cryptography.
Here students at an event sponsored by NiCT (National Institute of Information and Communications Technology) are computing the RSA algorithm mathematically to send and receive messages.
RSA first came to light in 1977 and is comprised of a public key and a private key. The public key is available to everyone and hence it’s used to encrypt messages and mark them so they are sent to a specific destination. The message can only be decrypted using the matching private key and this key is held securely at the messages destination.
Even though the RSA algorithm is a publicly available document- RSA encryption is used on a daily basis and is the foundation of modern electronic encryption.
Duration : 0:1:14