Aug 02 2009
Yes, still one more Black Hat Microcast to go. This is the longest microcast in Zach’s pack so far, and Shawn and Nathan did a great job running through the gist of their talk, “Weaponizing the Web.” They discuss Cross-Site Request Forgery (CSRF) a bit, but with the added notion of applying it to sites that take user contributed content. They’ve also released a proof-of-concept tool, called MonkeyFist, to help demonstrate what they call “dynamic CSRF” attacks. (Note: Zach apologizes for splicing an additional intro in there as it wasn’t originally captured very well on the mic).