The Patsy Proxy: Getting others to do your dirty work

Presented at DerbyCon 2.0 Reunion (2012), Sept. 28, 2012, 7 p.m. (30 minutes).

Traditional proxies are a valuable tool for attackers, but have certain drawbacks. What if there were a way for attackers to proxy their traffic on systems which were unaware they were acting as proxies? What if these systems weren’t logging the traffic? What if attackers could choose who would proxy their traffic? In fact, there are multiple ways to achieve these conditions. In this talk, we will discuss various methods for tricking third-party systems into relaying attacks and being a “patsy” for attackers.


Presenters:

  • Daniel Crowley / unicornFurnace as Daniel “unicornFurnace” Crowley
    Daniel Crowley – Daniel (aka “unicornFurnace”) is an Application Security Consultant for Trustwave’s SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE. Daniel does his own charcuterie.
  • Jennifer Savage / savagejen as Jennifer “savagejen” Savage
    Jennifer Savage – Jennifer is a professional software developer, a hobbyist hacker and a mom. Jennifer spends much of her time preventing her infant daughter, Ada, from crawling her way to bodily harm, launching missiles through the Internet, and eating sharp, pointy objects (she is not always successful). Jennifer enjoys Bikram yoga, RPGs, and redesigning insecure software.
