Defcon Post-Mortem

Scott Behrens and I just got back from speaking about our new tool, BBQSQL, at Defcon. This was the first time speaking at Defcon for both of us and it proved to be one of the most intimidating and rewarding speaking engagements either of us have done.

To give a brief recap, BBQSQL is a Blind SQL Injection Exploitation tool. It is designed for speed and versatility – things that many of the currently available tools lack. To achieve versatility, we ask the user to input a lot of details about how she would like to perform the attack. To achieve speed, we use gevent for massive concurrency and attempt to use various algorithms to speed up the guessing of character values.

We also focused on writing clean code with detailed comments and thorough documentation, so you can hopefully learn everything you need to know from the github page. If you are feeling adventurous, go ahead and fork the project and we will gladly accept any pull requests. Similarly, if you run into problems or think of an awesome feature, submit an issue and we will try to be as responsive as possible.

If you want to check out our slides, you can find them here.

This entry was posted on Friday, August 3rd, 2012 at 9:50 am and is filed under Information Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Twitter

InformationWeek and Neohapsis report: "Do Your Due Diligence With The Cloud And PCI" bit.ly/10IybsY for full report--- 6 hours ago

Today is the first day of Hack Miami. We'll see you May 19 3pm ET for our discussion on web app and browser security bit.ly/Zy05eJ--- 3 days ago

Hack Miami is just days away. Join us May 19 3pm ET for a “State of the Web” address on web app and browser security bit.ly/Zy05eJ--- 5 days ago

Our CEO talks with @WSJ about what to look for when hiring a cybersecurity IT firm on.wsj.com/ZUUiNF--- 1 week ago

Join us @ Hack Miami on May 19 3pm ET for a discussion on the latest advances in web application and browser security bit.ly/Zy05eJ--- 1 week ago

Follow @neohapsis

2 Responses to Defcon Post-Mortem

deep says:

August 6, 2012 at 7:26 pm

I get this error when i try to install?

root@bt:~/Downloads/Neohapsis-bbqsql-e15ee90# python setup.py install
Traceback (most recent call last):
File “setup.py”, line 4, in
import bbqsql
File “/root/Downloads/Neohapsis-bbqsql-e15ee90/bbqsql/__init__.py”, line 30, in
from lib import *
File “/root/Downloads/Neohapsis-bbqsql-e15ee90/bbqsql/lib/__init__.py”, line 1, in
import api
File “/root/Downloads/Neohapsis-bbqsql-e15ee90/bbqsql/lib/api.py”, line 2, in
from .pretty_print import PrettyTable
File “/root/Downloads/Neohapsis-bbqsql-e15ee90/bbqsql/lib/pretty_print.py”, line 7, in
import gevent
ImportError: No module named gevent
root@bt:~/Downloads/Neohapsis-bbqsql-e15ee90#

- Ben Toews says:
  
  November 14, 2012 at 3:41 pm
  
  Yeah. The project depends on gevent. It easier if you just install the whole thing with pip
  
  “sudo pip install bbqsql”

Neohapsis Labs