BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: Why are you still\, using my server for your interne t access.\n When: Friday\, Aug 9\, 16:30 - 17:15 PDT\n Where: LVCC Wes t/Floor 3/W322-W327 - [1]Map\n\n Description:\n\n Pawning countries at top level domain by just buying one specific\n domain name ‘wpad.tldâ €™\, come hear about this more the 25+ years\n old issue and the researc h from running eight different wpad.tld\n domains for more than one year that turn into more the 1+ billion DNS\n request and more then 600+GB o f Apache log data with leaked\n information from the clients.\n\n This is the story about how easy it is to just buying one domain and\n then many hundreds of thousands of Internet clients will get auto\n pwned wit hout knowing it and start sending traffic to this\n man-in-the-middle se tup there is bypassing encryption and can change\n content with the abil ity to get the clients to download harmful\n content and execute it.\n\n The talk will explain the technical behind this issue and showcase why\ n and how clients will be trick into this Man-in-the-middle trap.\n\n 1. Description of wpad and the function\, include listing the\n se curity issue. [2]link\n\n 2. Navigator Proxy Auto-Config File Format f rom March 1996 [3]link\n\n 3. INTERNET-DRAFT 1999 for Web Proxy Auto-D iscovery Protocol [4]link\n\n 4. Microsoft Security Bulletin MS99-054 Critical Vulnerability from\n 1999 [5]link\n\n 5. Description of the wpad PAC javascript format. [6]link\n\n 6. Pentesting tool with f unction as a WPAD Proxy Server to capture\n credentials from clients . [7]link\n\n 7. WPAD Name Collision Vulnerability [8]link\n\n 8. WPAD Vulnerability [9]link [10]link\n\n 9. ICANN - Root Cause Analysis - wpad.domain.name [11]link\n\n 10. Windows proxy settings ultimate g uide part – WPAD/PAC\n configuration file\n\n * [12]link\n \n * [13]link\n\n * [14]link\n\n SpeakerBio: Thomas Boe jstrup Johansen\n\n Thomas Boejstrup Johansen aka Tooms has been in prof essional IT for\n more than 25+ years\, where the first 11+ years were a s a system\n administrator for a large Danish company and the last 14+ y ears as a\n security specialist with the work in the field of Reverse En gineering\n Malware\, Incident Response and Forensics but also physical redteam\n engagements and pentesting for customers.\n\n The last many years have been mainly as lead senior forensics\n investigator and incid ent response on many incidents including some\n more well known major in cidents like the incident in 2021 there got\n known around the world as Microsoft Exchange Hafnium vulnerability.\n\n '\n\n 1. #LVCCW_Level3_N orth\n 2. https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protoco l\n 3. https://web.archive.org/web/20070307124216/http://wp.netscape.com /eng/mozilla/2.0/relnotes/demo/proxy-live.html\n 4. https://datatracker. ietf.org/doc/html/draft-ietf-wrec-wpad-01\n 5. https://learn.microsoft.c om/en-us/security-updates/securitybulletins/1999/ms99-054\n 6. https://f indproxyforurl.com/\n 7. https://github.com/SpiderLabs/Responder\n 8. https://www.cisa.gov/news-events/alerts/2016/05/23/wpad-name-collision-vul nerability\n 9. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016- 10183\n 10. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1699 6\n 11. https://www.icann.org/en/system/files/files/root-cause-analysis- wpad-18jan23-en.pdf\n 12. https://igorpuhalo.wordpress.com/2022/03/02/wi ndows-proxy-settings-ultimate-guide-part-i-wininet-vs-winhttp/\n 13. htt ps://igorpuhalo.wordpress.com/2022/07/15/windows-proxy-settings-ultimate-g uide-part-ii-configuring-proxy-settings/\n 14. https://igorpuhalo.wordpr ess.com/2022/08/09/windows-proxy-settings-ultimate-guide-part-iii-wpad-pac -configuration-file/\n\n\n DTEND:20240810T001500Z DTSTART:20240809T233000Z LOCATION:DC - LVCC West/Floor 3/W322-W327 SUMMARY:Why are you still\, using my server for your internet access. END:VEVENT END:VCALENDAR