https://silentrobots.com/tags/conferences/Recent content in Conferences on Willis VandevanterHugo -- gohugo.ioen-usSun, 01 May 2016 00:00:00 +0000https://silentrobots.com/exploiting-xxe-in-file-upload-functionality/Sun, 01 May 2016 00:00:00 +0000https://silentrobots.com/exploiting-xxe-in-file-upload-functionality/<img src="https://silentrobots.com/" alt="Featured image of post Exploiting XXE In File Upload Functionality" /><p>Just wanted to post some details from my BH USA 2015 briefing “Exploiting XXE In File Upload Functionality”.</p> <p><a class="link" href="https://www.youtube.com/watch?v=LZUlw8hHp44" target="_blank" rel="noopener" >https://www.youtube.com/watch?v=LZUlw8hHp44</a></p> <p>I also gave an updated version of the presentation in November for the Blackhat Webcast Series. It included more file types; PDF, JPG, and GIF. The link is here: <a class="link" href="https://www.blackhat.com/html/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.html" target="_blank" rel="noopener" >https://www.blackhat.com/html/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.html</a></p>https://silentrobots.com/blackhat-2015-arsenal/Thu, 10 Sep 2015 00:00:00 +0000https://silentrobots.com/blackhat-2015-arsenal/<img src="https://silentrobots.com/" alt="Featured image of post Blackhat 2015 Arsenal" /><p>Last month at Blackhat Arsenal 2015, <a class="link" href="https://github.com/parzamendi-r7" target="_blank" rel="noopener" >Pete</a> and I presented on Serpico. This was our second time at Arsenal. Yet again, awesome people, great venue, and overall a highlight for me of BH/DC/LV. We got some excellent feedback on the project, so thank you to anyone who stopped by.</p> <p>Last year I posted the top 3 feature requests and we squashed them (woot!). These are requested features/bugs this year and their associated issue on github:</p> <h1 id="fix-image-breakage-in-presentations">Fix Image Breakage in Presentations </h1><p>Automated Presentation creation was added the week before and had a rather embarassing stack trace in certain combinations; this was fixed in <a class="link" href="https://github.com/MooseDojo/Serpico/commit/61fe996af37a79c94b34eea6fb5cf0a208fb87b5" target="_blank" rel="noopener" >this commit</a></p> <h1 id="statistics">Statistics </h1><p>More than a few people asked for more correlation; “Support Findings Trending” (<a class="link" href="https://github.com/MooseDojo/Serpico/issues/25" target="_blank" rel="noopener" >Issue 25</a>).</p> <h1 id="wiki-additions">Wiki Additions </h1><p>Add the following information to the wiki:</p> <ul> <li>Report Creation Example</li> <li>Presentation Creation</li> <li>Export/Import Examples</li> </ul> <h1 id="submit-to-kali">Submit To Kali </h1><p>Here is the submission: <a class="link" href="https://bugs.kali.org/view.php?id=2615" target="_blank" rel="noopener" >New Tool Request: SERPICO</a></p>https://silentrobots.com/untitled/Mon, 11 Aug 2014 00:00:00 +0000https://silentrobots.com/untitled/<img src="https://silentrobots.com/" alt="Featured image of post Blackhat 2014 Arsenal Experience" /><p>Last week at Blackhat Arsenal 2014, <a class="link" href="https://github.com/parzamendi-r7" target="_blank" rel="noopener" >Pete</a> and I (<a class="link" href="https://www.twitter.com/_will_is_" target="_blank" rel="noopener" >@<em>will_is</em></a>) presented on Serpico. Arsenal was a great experience and I would highly recommend to anyone as an attendee or presenter. We got some great feedback on the project, so thank you to anyone who stopped by.</p> <p>Here were the top 3 feature requests and their associated issue on github:</p> <h1 id="global-variables">Global Variables </h1><p>This feature would allow a user to add their own variable in the UI that would render in the template. A classic use case would be to edit the Executive Summary through the UI rather than inside of a template.</p> <p>Github Issue: <a class="link" href="https://github.com/MooseDojo/Serpico/issues/19" target="_blank" rel="noopener" >Support “Global Variables” for reports</a> Released 08/22</p> <h1 id="more-findings">More Findings </h1><p>As of the most recent build Serpico comes with 8 findings; this is an area of active development. More than one person asked for findings from open sources such as CWE.</p> <p>Github Issue: <a class="link" href="https://github.com/MooseDojo/Serpico/issues/20" target="_blank" rel="noopener" >Include 40 Findings with the default installation</a></p> <h1 id="plugin-to-3rd-parties">Plugin to 3rd Parties </h1><p>This feature would allow a user to parse findings from different vulnerability scanners and import the results.</p> <p>Github Issue: <a class="link" href="https://github.com/MooseDojo/Serpico/issues/21" target="_blank" rel="noopener" >Support a connector to Nessus</a></p>