Buzzkill: How using hacker tools can get you owned

by Justin Steven | Saturday 08, 3:45pm - 4:15pm

This talk dives deep on a few vulnerabilities in REDACTED, a popular OSINT-driven open source asset discovery and reconnaissance tool. In the worst case, a website being scanned by REDACTED was able to pop shell on the scanner end, allowing a cheeky website to steal a hacker’s ~/0day. We’ll run through a few tricks relating to Git exploitation and archive unarchiving, we’ll construct Rube Goldberg exploits to pop calc, and we’ll get a little bit nervous about vulnerabilities in the offensive security software we’ve all come to know and run.

About Justin Steven

Justin is a seasoned computer security professional with 13 years of experience across Incident Response and Software Security. As Tanto Security’s Head of Research, Justin fosters the curiosity and ingenuity of our consultants, supporting them as they engage in their own research projects.

← Other talks