Michele Orru’ a.k.a. antisnatchor is an IT and ITalian security guy who works as a Penetration Tester for The Royal Bank of Scotland Group in Warsaw, Poland. He mainly focus his research on web application security. Besides his nasty passion about black, gray, white hat hacking and BeEF (being an active committer since the Ruby port started), he enjoys to leave alone his Mac while fishing on salted water and preys for Kubrick resurrection.
Dr. Strangelove or: How I Learned to Stop Worrying and Love the BeEF
What will you do during a pentest if you should get access to some target internal resources while having no exploitable external ones for the escalation? Well, there could be many responses on this provocative sentence, starting from Social Engineering techniques to the exploitation of victims browser inside the target.
We will see how BeEF can help resolving almost impossible pentest situations while directly exploiting the victims inside the target, using their machines as pivot to gather access to internal as well external resources, and how it’s much easier now to extend BeEF functionality writing your own modules to suit your needs.
Apart from that, the presentation will focus on covering the new BeEF platform that is being developed in Ruby, with a complete code rewrite and many new features: just to mention some of them, the newer Metasploit integration for zombie pwnage, persistent sessions, tunneling proxy and many new ways to use the victim browser to do nasty things.