Steal All of the Databases.

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 29, 2013, 8 a.m. (50 minutes)

Ever wondered what it would take to conduct a fully automated attack on an entire country’s web infrastructure? Read on! We’ve always been interested in the ideas of conducting massive attacks and detecting mass vulnerabilities. We’ve presented this topic a couple of times before, at DEF CON 21 and ShmooCon 2013, and we’re releasing several ‘Big Data’-based open source tools. But for DerbyCon, we want to put it all together for you, and show — on a practical level — how our massively scalable pieces of (all open source and free) software *could* be chained together to pull off one of the biggest hacks ever. Target: An entire country’s web infrastructure. Goal: Steal all of the databases. It’s going to be awesome. (This will, of course, be a proof of concept. We wouldn’t actually do this; it would be really illegal.)

Presenters:

  • Alejandro Caceres
    Alejandro Caceres (@DotSlashPunk) is a software developer, web application penetration tester, and security researcher. His main interest is in the nexus between distributed computing and network/application attacks. He is the founder of the PunkSPIDER project, presented at ShmooCon 2013, which is an open source project to fuzz the entire Internet’s web applications using a Hadoop cluster. He’s also the owner of Hyperion Gray, a software development company focused on open source projects in the area of distributed computing as it relates to security. He didn’t know how to work in shamelessly mentioning the DARPA Cyber Fast Track research project he is also working on, which he presented at DEF CON 21, or his *other* DEF CON 21 talk about distributing common attacks, so he just wrote it in at the end of the bio. He is very classy.
