The Patsy Proxy: Getting others to do your dirty work

DerbyCon 2.0 - The Reunion

Presented by: Dan Crowley (unicornFurnace), Jennifer Savage (savagejen)
Date: Friday September 28, 2012
Time: 19:00 - 19:25
Location: Track 5
Track: Stable Talks

Traditional proxies are a valuable tool for attackers, but have certain drawbacks. What if there were a way for attackers to proxy their traffic on systems which were unaware they were acting as proxies? What if these systems weren’t logging the traffic? What if attackers could choose who would proxy their traffic? In fact, there are multiple ways to achieve these conditions. In this talk, we will discuss various methods for tricking third-party systems into relaying attacks and being a “patsy” for attackers.

Jennifer Savage

Jennifer Savage – Jennifer is a professional software developer, a hobbyist hacker and a mom. Jennifer spends much of her time preventing her infant daughter, Ada, from crawling her way to bodily harm, launching missiles through the Internet, and eating sharp, pointy objects (she is not always successful). Jennifer enjoys bikram yoga, RPGs, and redesigning insecure software.

Dan Crowley

Daniel Crowley – Daniel (aka “unicornFurnace”) is an Application Security Consultant for Trustwave’s SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE. Daniel does his own charcuterie.

