Websec's participation at Black Hat, CSI and XCon

Posted on September 16, 2013

Roberto Salgado, CTO of Websec, recently had the opportunity to present his current research and knowledge in several new venues this past August. In fact, most of that month was dedicated to participating at Information Security conferences. For a complete list of past and upcoming events where Websec will be participating, please refer to the conferences section. We will be updating this section on a regular basis so please be sure to check back for an upcoming event in your area.

Roberto's journey began with Black Hat in Las Vegas, Nevada on the 1st of August where he gave the talk "') UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Techniques')%00" which focused on techniques that can be used for optimizing and obfuscating SQL injection attacks. This talk was very well received by attendees who gave it an overall score of 4.40/5.0, including 1 comment which read "This guy is pretty hardcore and awesome presenter".


Figure 1: Roberto talking about his optimized technique for Blind SQL Injections.


After Black Hat in Las Vegas, Roberto took a short detour to Cozumel, Mexico while he waited for his next conference in Colombia. Roberto was chosen to give two separate presentations at Colombia's CSI conference; CSI stands for "Congreso Internacional de Seguridad Informatica" in Spanish, or "International Information Security Conference" in English. In his first presentation, attendees were able to experience the same talk Roberto had given at Black Hat, but in their native tongue, as Roberto is 100% bilingual. His second presentation was entitled "Hacking like a Boss!", which offered security pentesters different tips and tricks for hacking.


Figure 1: Roberto demonstrating how to make malware undetectable to an antivirus by modifying the signature with IDA.


The last stop was Beijing, China for the XCon Information Security Conference, where Roberto was one of the four English speakers who were invited. Here Roberto also talked about SQL injection optimization and obfuscation with the help of a translator who translated the talk into Chinese in real time. Roberto also won a prize at the lucky draw, which was held at the closing of the conference. Unfortunately, no pictures were allowed inside the conference.

After 15 flights, Roberto was back in Canada and happy to have had the chance to talk at so many great conferences. If you wish to catch Roberto's talk on SQL injection optimization and obfuscation, he will be presenting it at DerbyCon on the 29th of September and at AppSecUSA on the 21st of November.

Websec would like to thank all the organizers of these superb conferences for having given us the opportunity to participate.
