Create an Account
username: password:
 
  MemeStreams Logo

Abusing WCF to Perform Remote Port Scans - Gotham Digital Science

search

Security Reads
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Security Reads's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Abusing WCF to Perform Remote Port Scans - Gotham Digital Science
Topic: Miscellaneous 10:48 am EST, Feb 22, 2010

Last weekend at Shmoocon, I demonstrated how an attacker can trick certain WCF web services into performing an unauthorized port scan of machines behind a firewall. For those that were not able to attend the talk, the slides are posted here. The part that covers the port scanning technique may not be clear in isolation, so I’ll try and explain it in detail. The problem is related to the WSDualHttpBinding, so in order to understand how the scanning technique works you must first understand some WSDualHttpBinding basics.

Abusing WCF to Perform Remote Port Scans - Gotham Digital Science



 
 
Powered By Industrial Memetics
RSS2.0