Conference:  Defcon 31

Authors: Dan "AltF4" Petro Senior Security Engineer, Bishop Fox, David Vargas Senior Security Consultant, Bishop Fox

2023-08-01

Breaking into secure facilities used to be possible by inserting a listening device (such as an ESPKey) behind an RFID card reader and sniffing the unencrypted Wiegand badge numbers over the wire as they go to the backend controller. The physical security industry has taken notice and there's a new sheriff in town: The encrypted protocol OSDP which is starting to be rolled into production. Surely encryption will solve our problems and prevent MitM attacks right? ... right? In this presentation, we'll demonstrate over a dozen vulnerabilities, concerning problems, and general "WTF"s in the OSDP protocol that let it be subverted, coerced, and totally bypassed. This ranges from deeply in-the-weeds clever cryptographic attacks, to boneheaded mistakes that undermine the whole thing. We will also demonstrate a practical pentesting tool that can be inserted behind an RFID badge reader to exploit these vulnerabilities. Get your orange vest and carry a ladder, because we're going onsite!

Conference:  OWASP 20th Anniversary Event

Authors: Juan Pablo Quiñe Paz

2021-09-24

Using binary search algorithms for blind sql injection

• SQL injection is a common exploitation technique that involves injecting SQL code or logic into input variables to gain access to a database and potentially compromise the entire system
• One of the main causes of SQL injection is the lack of input filtering controls
• Firewalls that work in lower layers will not protect against SQL injection attacks
• Blind SQL injection involves asking the database for a true or false answer and using that to determine the data being asked for
• Binary search algorithms can be used to make blind SQL injection attacks more efficient