Friday 19 June 2015

A thank you to Skandiabanken

At my NDC Oslo talk today, I showed how to downgrade HTTPS to HTTP on Skandiabanken. It was with the kind permission of the people at Skandiabanken and I would like to express my thanks for that.

The attack I used is a very narrow attack and does not compromise the bank’s security, because of the excellent security that they have implemented, but it does show the vulnerability of the underlying network.

The main lesson for people is to keep an eye on your browser because, as you saw, the browser showed the correct site but the address was webskandiabanken.no.

If you are a regular user of the bank website you should be OK due to the way the attack works: for it to work, you must not have visited the bank in that browser before.

Again, many thanks for their kind permission.

NDC 2015–Session Resources

Here are the resources from my talk “A Pentester’s Toolkit” which I presented today at NDC 2015. Thanks to all of you who came to my talk and I hope you got something out of it.

Since there were a lot of tools shown, I didn’t post a link to them in the session; instead they are listed here in order of appearance in the talk.

Web Links

Recon Tools

Exploit Tools

Network Tools