Security/Meetings/Automation/2013-11-12: Difference between revisions

<!-- Maybe don't screw with these links unless you've read this blog post:
http://blog.johnath.com/2011/01/20/automatic-date-links-in-mediawiki/
Just copy them to new pages and it should Just Work!-->
<center>[[Security/Meetings/Automation/{{#time: Y-m-d | {{SUBPAGENAME}} -1 week}}|&laquo; previous week]] | [[Security/Meetings/Automation|index]] | [[Security/Meetings/Automation/{{#time: Y-m-d | {{SUBPAGENAME}} +1 week}}|next week &raquo;]]</center>
= Agenda =
* pnh demo
* personal updates
* add your items to the agenda
= PnH Demo =
Mark demos the content injection he added to Plug'n'Hack and ZAP, including the capability to intercept, change and re-send postMessages in the browser.
* discussing other relevant scripts
** https://github.com/qll/autoCSP (for identifying outgoing requests)
** https://www.sprymedia.co.uk/VisualEvent/ (to visualize event handlers)
= Status Updates =
* Frederik
** lazy automation week, mostly done websec reviews
* Jeff
** fought through instantiating a test environment (python 2.6..RHEL4, no make, yuck)
** basic elastic search interface in meteor grabbing bunker status
** Next step: ingesting actual logs from syslog1 to test elastic search
* Tinfoil
** internet stormcenter like website for mozilla/opsec
* Psiinon
** preparations for appsec usa
** talk
** ZAP hackathon
* mgoodwin
** I've been working on the clients functionality for Plug-n-hack. Progress this week:
*** The 'probe' (content injection) client can now intercept, modify and resend postMessage for on and off origin iframes.
*** This works on Chrome and Firefox. Should (in theory) work in recent webkits (so probably web views on android / iOS too).
*** Started work on the addEventListener proxies for intercept / resend events.
*** I've got an (experimental) ringleader with the postMessage hook built in. No off-origin hackery required but since this is fx only it's not useful for all zap users.
* ulfr
** MongoDB storage in MIG. Action completion ratio (% of commands that finished, handle termination, etc.). https://github.com/mozilla/mig/commits/master
** IOC format discussion in MIG: tight json integration vs accepting any type of IOC format in modules without understanding them. Will be discussed in Q1 2014.
* stefan
** https://github.com/st3fan/minion-webcompat-icon-plugin
** https://basement.sateh.com/tmp/flask/ (try it with bug 935701 or 545760 or 544543 or 542391 (give it a few seconds))