×
  • Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
 

Script Fragmentation - Stephan Chenette - OWASP/RSA 2008

by Director of Research and Development at IOActive, Inc. on Aug 07, 2012

  • 746 views

ERA 2008 - Stephan Chenette, Presentation on Script Fragmentation attack...

ERA 2008 - Stephan Chenette, Presentation on Script Fragmentation attack

Abstract: This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content.

This involves distributing web exploits in a asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, This attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit.

Our presentation will discuss this attack vector used to evade both gateway and client side detection. We will show several proof of concepts containing common readily available web exploits.

Statistics

Views

Total Views
746
Views on SlideShare
742
Embed Views
4

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 4

http://www.linkedin.com 4

Accessibility

Upload Details

Uploaded via SlideShare as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
Post Comment
Edit your comment

Script Fragmentation - Stephan Chenette - OWASP/RSA 2008 Script Fragmentation - Stephan Chenette - OWASP/RSA 2008 Presentation Transcript