Source Boston 2010: Cracking the Foundation: Attacking WCF Web Services 4/5
Clip 4/5
Speaker: Brian Holyfield, Gotham Digital Science
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key? These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and discuss useful tools and tips to make testing WCF services easier. Attendees will leave with the knowledge necessary to effectively conduct penetration testing against WCF applications.
The following live demonstrations will be conducted (time permitting):
- Burp Plug-in for WCF Binary Soap Messages (MC-NBFS)
- De-compilation of Silverlight XAP for obtaining WCF Meta Data
- Crafting Meta Data Exchange (MEX) Requests for Retrieving WCF Meta Data
- Communicating with WCF using WS-S Anonymous Message Encryption
- Writing a Custom WCF Test Client (in less than 10 lines of code)
- TCP Port Probing through WCF Duplex Callback Channels
Presentation Outline:
1. WCF Overview
2. Silverlight WCF Web Services
2a. MC-NBFS Protocol
2b. Obtaining Meta Data from WCF
2c. Analyzing Silverlight XAP
3. Secure WCF Binding
3a. WS-S Message Encryption
3b. Custom WCF Clients
4. WCF Duplex Services
4a. Attacking Callback Channels
For more information and presentation slides click here: http://bit.ly/8XJ1tm
Duration : 0:10:1
Source Boston 2010: Cracking the Foundation: Attacking WCF Web Services 3/5
Clip 3/5
Speaker: Brian Holyfield, Gotham Digital Science
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key? These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and discuss useful tools and tips to make testing WCF services easier. Attendees will leave with the knowledge necessary to effectively conduct penetration testing against WCF applications.
The following live demonstrations will be conducted (time permitting):
- Burp Plug-in for WCF Binary Soap Messages (MC-NBFS)
- De-compilation of Silverlight XAP for obtaining WCF Meta Data
- Crafting Meta Data Exchange (MEX) Requests for Retrieving WCF Meta Data
- Communicating with WCF using WS-S Anonymous Message Encryption
- Writing a Custom WCF Test Client (in less than 10 lines of code)
- TCP Port Probing through WCF Duplex Callback Channels
Presentation Outline:
1. WCF Overview
2. Silverlight WCF Web Services
2a. MC-NBFS Protocol
2b. Obtaining Meta Data from WCF
2c. Analyzing Silverlight XAP
3. Secure WCF Binding
3a. WS-S Message Encryption
3b. Custom WCF Clients
4. WCF Duplex Services
4a. Attacking Callback Channels
For more information and presentation slides click here: http://bit.ly/8XJ1tm
Duration : 0:10:1
Source Boston 2010: Cracking the Foundation: Attacking WCF Web Services 1/5
Clip 1/5
Speaker: Brian Holyfield, Gotham Digital Science
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key? These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and discuss useful tools and tips to make testing WCF services easier. Attendees will leave with the knowledge necessary to effectively conduct penetration testing against WCF applications.
The following live demonstrations will be conducted (time permitting):
- Burp Plug-in for WCF Binary Soap Messages (MC-NBFS)
- De-compilation of Silverlight XAP for obtaining WCF Meta Data
- Crafting Meta Data Exchange (MEX) Requests for Retrieving WCF Meta Data
- Communicating with WCF using WS-S Anonymous Message Encryption
- Writing a Custom WCF Test Client (in less than 10 lines of code)
- TCP Port Probing through WCF Duplex Callback Channels
Presentation Outline:
1. WCF Overview
2. Silverlight WCF Web Services
2a. MC-NBFS Protocol
2b. Obtaining Meta Data from WCF
2c. Analyzing Silverlight XAP
3. Secure WCF Binding
3a. WS-S Message Encryption
3b. Custom WCF Clients
4. WCF Duplex Services
4a. Attacking Callback Channels
For more information and presentation slides click here: http://bit.ly/8XJ1tm
Duration : 0:10:1
Source Boston 2010: Cracking the Foundation: Attacking WCF Web Services 2/5
Clip 2/5
Speaker: Brian Holyfield, Gotham Digital Science
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key? These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and discuss useful tools and tips to make testing WCF services easier. Attendees will leave with the knowledge necessary to effectively conduct penetration testing against WCF applications.
The following live demonstrations will be conducted (time permitting):
- Burp Plug-in for WCF Binary Soap Messages (MC-NBFS)
- De-compilation of Silverlight XAP for obtaining WCF Meta Data
- Crafting Meta Data Exchange (MEX) Requests for Retrieving WCF Meta Data
- Communicating with WCF using WS-S Anonymous Message Encryption
- Writing a Custom WCF Test Client (in less than 10 lines of code)
- TCP Port Probing through WCF Duplex Callback Channels
Presentation Outline:
1. WCF Overview
2. Silverlight WCF Web Services
2a. MC-NBFS Protocol
2b. Obtaining Meta Data from WCF
2c. Analyzing Silverlight XAP
3. Secure WCF Binding
3a. WS-S Message Encryption
3b. Custom WCF Clients
4. WCF Duplex Services
4a. Attacking Callback Channels
For more information and presentation slides click here: http://bit.ly/8XJ1tm
Duration : 0:10:1
How To Hack Your Own Cell Phone & Save $$
Unedited Video: There’s a legal and free way to get many of the features for which cell phone companies now charge. Evan Silbert, president of Warlox Wireless, explains how they can unlock your phone to save money.
Duration : 0:17:25
Computer Tech Solutions : How Does Encryption Work?
Encryption works by replacing on letter or numerical character with another character or symbol to create an encoded message. Understand encryption with information from an experienced software developer in this free video on computers.
Duration : 0:2:40
How to Buy a Domain Name
http://live.pirillo.com/ – what are domain names? How do you register one?
GoDaddy.com Coupon Codes: CHRIS1, CHRIS2, CHRIS3, BLAUGH
Duration : 0:5:33