Docs

Exposed | more: Attacking the Extended Web

These are the slides from Shmoocon 2010 for Exposed | more: Attacking the Extended Web. This talk deals with attacking APIs and extensions.

Dynamic CSRF White Paper

This is the white paper on Dynamic Cross-Site Request Forgery. This attack was covered by Nathan Hamiel and Shawn Moyer at Black Hat US 2009 and Defcon 17. This paper outlines the issue and gives a couple of examples of attacks using the Dynamic CSRF vector.

Weaponizing the Web: More Attacks on User Generated Content

This is the slide deck from Black Hat US 2009 and Defcon 17 given by Nathan Hamiel and Shawn Moyer.

RETRI: Rapid Enterprise Triaging

This is the slide deck for the Rapid Enterprise Triaging talk given by Aaron LeMasters and Michael Murphy at Black Hat USA 2009.

Adventures in CSRFing: Sharks in the Tubes

This presentation was given by Nathan for the BrightTALK Application Security Summit.

Fail 2.0: Further Musings on Attacking Social Networks

This is the slide deck from Nathan and Shawn's presentation at ShmooCon 2009 further fail with social networks.

Enterprise Incident Response: Network and Disk Analysis

These are the slides from from a guest lecture given by Michael Murphy at Johns Hopkins.

Satan is on my friends list: Attacking Social Networks

This is the slide deck from Nathan and Shawn's presentation at Black Hat and Defcon 16 on attacking social networks. This presentation has all of the updated slides.

Designing and Responding to Targeted Network Attacks

This is a presentation given by Michael Murphy and Cygnus at ShmooCon 2007