Skip to content

Instantly share code, notes, and snippets.

@daeken
Created August 16, 2012 03:05
Show Gist options
  • Save daeken/3366052 to your computer and use it in GitHub Desktop.
Save daeken/3366052 to your computer and use it in GitHub Desktop.
Outline
  • Intro
    • Mindset
      • Break all the things
    • Understanding is key
      • Security people are the most diverse in tech for that reason
  • Web security
    • Tools
      • Burp
    • XSS
    • CSRF
    • SQL injection
    • Command injection
    • Other injections
      • XPath
    • Arbitrary file reads/writes
    • Force browsing / direct object reference
    • Header injection/splitting
    • Clickjacking
    • Improper authentication
    • Improper authorization
  • Native security
    • Buffer overflows
      • Stack
      • Heap
    • Integer overflows
    • Format strings
    • Use-after-free
    • Double free
    • Null pointer deref
    • Memory reads and writes
      • Information leaks
  • Native protections
    • Stack protection
      • Canaries
    • Heap protection
      • Detection of corruption
    • DEP -- W^X
    • ASLR
  • Native exploitation
    • Shellcoding
    • Stack buffer overflows
    • Heap buffer overflows
    • SEH attacks
    • ROP
    • Defeating ASLR
      • Using information leaks
  • Crypto
    • Asymmetric crypto
    • Symmetric crypto
      • Modes
        • Detection thereof
      • Flipping bits
      • Padding oracles
    • Hashing
    • Message authentication
    • Replay-style attacks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment