Source Boston 2010: Cracking the Foundation: Attacking WCF Web Services 1/5
Clip 1/5
Speaker: Brian Holyfield, Gotham Digital Science
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key? These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and discuss useful tools and tips to make testing WCF services easier. Attendees will leave with the knowledge necessary to effectively conduct penetration testing against WCF applications.
The following live demonstrations will be conducted (time permitting):
- Burp Plug-in for WCF Binary Soap Messages (MC-NBFS)
- De-compilation of Silverlight XAP for obtaining WCF Meta Data
- Crafting Meta Data Exchange (MEX) Requests for Retrieving WCF Meta Data
- Communicating with WCF using WS-S Anonymous Message Encryption
- Writing a Custom WCF Test Client (in less than 10 lines of code)
- TCP Port Probing through WCF Duplex Callback Channels
Presentation Outline:
1. WCF Overview
2. Silverlight WCF Web Services
2a. MC-NBFS Protocol
2b. Obtaining Meta Data from WCF
2c. Analyzing Silverlight XAP
3. Secure WCF Binding
3a. WS-S Message Encryption
3b. Custom WCF Clients
4. WCF Duplex Services
4a. Attacking Callback Channels
For more information and presentation slides click here: http://bit.ly/8XJ1tm
Duration : 0:10:1
Source Boston 2010: Cracking the Foundation: Attacking WCF Web Services 2/5
Clip 2/5
Speaker: Brian Holyfield, Gotham Digital Science
Hacking a web service generally isn’t rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message level encryption but you don’t have a key? These are just a few common scenarios you are likely to encounter when trying to attack a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and discuss useful tools and tips to make testing WCF services easier. Attendees will leave with the knowledge necessary to effectively conduct penetration testing against WCF applications.
The following live demonstrations will be conducted (time permitting):
- Burp Plug-in for WCF Binary Soap Messages (MC-NBFS)
- De-compilation of Silverlight XAP for obtaining WCF Meta Data
- Crafting Meta Data Exchange (MEX) Requests for Retrieving WCF Meta Data
- Communicating with WCF using WS-S Anonymous Message Encryption
- Writing a Custom WCF Test Client (in less than 10 lines of code)
- TCP Port Probing through WCF Duplex Callback Channels
Presentation Outline:
1. WCF Overview
2. Silverlight WCF Web Services
2a. MC-NBFS Protocol
2b. Obtaining Meta Data from WCF
2c. Analyzing Silverlight XAP
3. Secure WCF Binding
3a. WS-S Message Encryption
3b. Custom WCF Clients
4. WCF Duplex Services
4a. Attacking Callback Channels
For more information and presentation slides click here: http://bit.ly/8XJ1tm
Duration : 0:10:1
Homeschool: Cryptography
Try to decode this message: “oyaueroclo.” Visit http://microacademy.org for more information.
Duration : 0:2:40
What You Should Know Before Buying Web Hosting
http://live.besttechie.net – The web hosting market is over saturated and full of utterly horrible web hosts looking to rip you off with their horrendous services. I have compiled a list of tips and tricks to help you select the best host for you (and to keep you from being taken advantage of).
Duration : 0:6:57