Black Hat Briefings, Las Vegas 2005 [audio] Presentations From The Security Conference

SensePost: Automation - Deus ex Machina or Rube Goldberg Machine?



How far can automation be taken? How much intelligence can be embodied in code? How generic can automated IT security assessment tools really be? This presentation will attempt to show which areas of attacks lend themselves to automation and which aspects should best be left for manual human inspection and analyses. SensePost will provide the audience a glimpse of BiDiBLAH - an attempt to automate a focussed yet comprehensive assessment. The tool provides automation for: * Finding networks and targets * Fingerprinting targets * Discovering known vulnerabilities on the targets * Exploiting the vulnerabilities found * Reporting Roelof Temmingh is the Technical Director of SensePost where his primary function is that of external penetration specialist. Roelof is internationally recognized for his skills in the assessment of web servers. He has written various pieces of PERL code as proof of concept for known vulnerabilities, and coded the world-first anti-IDS web proxy "Pudding"