Kiddies gotta make the money, and it don't come easy when those mean users don't click our links. And if there aren't any ports open, what's a PenTest John to do?? If you are curious about hooking browsers without yucky social engineering or XSS, getting the goods through proxy hosts, or even if you're just BeEF-curious, this is the one you've been waiting for.
This talk is about, that's right, BEEF INJECTION: a completely unabashed love story between MITM and the BeEF Framework. Through demos and new code, we'll show you how to hook up with browsers using old pickup lines like ARP Poisoning and Karma Attacks, and once you get their digits, we'll even show you how to maintain that relationship, and use it to get even more connections you never dreamed of. Featuring in-depth BeEF tips by Ryan Linn, author of "Coding for Penetration Testers", and Steve Ocepek, creator of thicknet and the seminal favorite, "How to Get a Date Using Unshielded Twisted Pair and a Hot Glue Gun", you too can get in on the Pro Tips and up your IEEE 802 dating game.
Steve Ocepek serves as the Senior Security Research Manager for Trustwave's SpiderLabs division -the advanced security team focused on penetration testing, incident response, and application security. An innovative network security expert with an entrepreneurial spirit, Steve Ocepek has been a driving force in pioneering Network Access Control (NAC) technologies delivering comprehensive endpoint control for mitigation of zero attacks, policy enforcement, and access management, for which he has been awarded 4 patents with 1 patent pending. With a reputation for preventing, intercepting, and resolving malicious attacks from malware, viruses, and worms, Steve has provided consultative testing, and made recommendations for remediation for Fortune 500 and government enterprises in financial, credit card processing, educational, healthcare, and high-tech industries. His testing of network penetration, use of Network Access Control (NAC), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewalls (WAF), Network Firewalls, and Encryption Solutions enable him to advise on new countermeasures improving security, saving clients millions of dollars in losses of intellectual property, client data, customer confidence, and litigation costs. Steve has led the growth of SpiderLabs Security Research Department, more than doubling services providing solutions to meet the needs of clients worldwide in identifying, preventing, and solving network security threats and problems. He is known as a trusted resource and problem solver by chief information officers, directors of security, chief technical officers, chief operating officers, chief executive officers, and military and national security leaders.
Ryan Linn is a Senior Consultant with Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security. Ryan is a penetration tester, an author, a developer,and an educator. He comes from a systems administration and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit and BeEF, the Browser Exploitation Framework.