Exploit Delivery

Saumil Shah
Saumil ShahCEO and Founder, Net Square at Net Square
net-square Hi! Your exploits have arrived.
net-square # who am i • Saumil Shah, CEO Net-square • LinkedIn: saumilshah
net-square The Web Has Evolved "The amount of intelligence in the world is constant. And the population is increasing."
net-square Browser Wars Death of Standards HTTP +0.1 HTML?
net-square THE WEB WE LIVE IN 5
net-square 5 Wider Attack Surface
net-square 5 Ease of Exploitation
net-square 5 Mass Manufacturing
net-square Complexity... 5
net-square 5 A New Dimension!
net-square Exploit Mitigation Techniques
net-square /GS SafeSEH DEP ASLR Permanent DEP ASLR and DEP
net-square /GS SafeSEH DEP ASLR Permanent DEP ASLR and DEP SEH overwrites non-SEH DLLs Return to LibC Heap Sprays ROP JIT Sprays
net-square I can haz sandbox I Also Can!
net-square IM IN UR BASE KILLING UR D00DZ Sploit Time!
net-square See no EVAL CVE 2010-2883 (0+10) day exploit Obfuscated Javascript decoded without using eval, document.write, etc.
net-square Who you gonna call?
net-square howstuffworks - Anti Virus YER NOT ON THE LIST! COME ON IN.
net-square howstuffworks - Anti Virus These are not the sploitz you're looking for.
net-square 0-day to the Face! "To get our new signature files you need a valid support plan."
net-square ...and keep on patching
net-square Jedi Web Tricks Short.nr Clever JS Scripts without scripts HTML5
net-square W3C "I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6th October 2010]
net-square We Broked Teh Webz! HTML Standards... What Standards? Object access JS too powerful SRC= HTTP Old and idiotic Stateless No Auth Bursty
net-square Application Delivery The Web at present Authentication Statefulness Data Typing Non-mutable HTTP HTML AJAX Flash Sandbox HTML5 Anti-XSS WAF Silverlight Web sockets MIND THE GAP
net-square Sploit Time!
net-square smb:// mrl buffer overflow
net-square VLC smb:// overflow - playlist <?xml version="1.0" encoding="UTF-8"?> <playlist version="1" xmlns="http://xspf.org/ns/0/" xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/"> <title>Playlist</title> <trackList> <track> <location> smb://example.com@0.0.0.0/foo/#{AAAAAAAA....} </location> <extension application="http://www.videolan.org/vlc/playlist/0"> <vlc:id>0</vlc:id> </extension> </track> </trackList> </playlist>
net-square
net-square Alpha Encoded Exploit Tiny URL ZOMFG
net-square 100% Pure Alphanum!
net-square VLC smb overflow - HTMLized!! <embed type="application/x-vlc-plugin" width="320" height="200" target="http://tinyurl.com/ycctrzf" id="vlc" /> I'm in ur browser.... ...blowin up ur g00dz pwn
net-square This iz what ?
net-square I'm an evil Javascript I'm an innocent image
net-square <CANVAS>
net-square The Solution? HTML 8.0 HTTP 2.0 Browser Security Model Self Contained Apps
net-square secure . automate . innovate www.net-square.com kthxbai
1 of 37

Exploit Delivery

Technology
Saumil Shah
Saumil ShahCEO and Founder, Net Square at Net Square

Recommended

暗号技術入門 秘密の国のアリス 総集編 by
暗号技術入門 秘密の国のアリス 総集編暗号技術入門 秘密の国のアリス 総集編
暗号技術入門 秘密の国のアリス 総集編京大 マイコンクラブ
8.3K views151 slides
PostgreSQLの行レベルセキュリティと SpringAOPでマルチテナントの ユーザー間情報漏洩を防止する (JJUG CCC 2021 Spring) by
PostgreSQLの行レベルセキュリティと SpringAOPでマルチテナントの ユーザー間情報漏洩を防止する (JJUG CCC 2021 Spring)PostgreSQLの行レベルセキュリティと SpringAOPでマルチテナントの ユーザー間情報漏洩を防止する (JJUG CCC 2021 Spring)
PostgreSQLの行レベルセキュリティと SpringAOPでマルチテナントの ユーザー間情報漏洩を防止する (JJUG CCC 2021 Spring)Koichiro Matsuoka
15.4K views73 slides
Dockerセキュリティ: 今すぐ役に立つテクニックから,次世代技術まで by
Dockerセキュリティ: 今すぐ役に立つテクニックから,次世代技術まで Dockerセキュリティ: 今すぐ役に立つテクニックから,次世代技術まで
Dockerセキュリティ: 今すぐ役に立つテクニックから,次世代技術までAkihiro Suda
24.5K views55 slides
モノタロウの1900万商品を検索する Elasticsearch構築運用事例(2022-10-26 第50回Elasticsearch 勉強会発表資料) by
モノタロウの1900万商品を検索する Elasticsearch構築運用事例(2022-10-26 第50回Elasticsearch 勉強会発表資料)モノタロウの1900万商品を検索する Elasticsearch構築運用事例(2022-10-26 第50回Elasticsearch 勉強会発表資料)
モノタロウの1900万商品を検索する Elasticsearch構築運用事例(2022-10-26 第50回Elasticsearch 勉強会発表資料)株式会社MonotaRO Tech Team
602 views36 slides
Mongo sharding by
Mongo shardingMongo sharding
Mongo shardingTakahiro Inoue
42.1K views60 slides
後悔しないもんごもんごの使い方 〜アプリ編〜 by
後悔しないもんごもんごの使い方 〜アプリ編〜後悔しないもんごもんごの使い方 〜アプリ編〜
後悔しないもんごもんごの使い方 〜アプリ編〜Masakazu Matsushita
10.5K views58 slides

More Related Content

What's hot

凝集度と責務 by
凝集度と責務凝集度と責務
凝集度と責務Toshinori Chiba
344 views33 slides
ざっくり DDD 入門!! by
ざっくり DDD 入門!!ざっくり DDD 入門!!
ざっくり DDD 入門!!Yukei Wachi
10.2K views34 slides
マイクロサービスにおける 結果整合性との戦い by
マイクロサービスにおける 結果整合性との戦いマイクロサービスにおける 結果整合性との戦い
マイクロサービスにおける 結果整合性との戦いota42y
12.3K views41 slides
MongoDB Oplog入門 by
MongoDB Oplog入門MongoDB Oplog入門
MongoDB Oplog入門Takahiro Inoue
7.2K views24 slides
Springを何となく使ってる人が抑えるべきポイント by
Springを何となく使ってる人が抑えるべきポイントSpringを何となく使ってる人が抑えるべきポイント
Springを何となく使ってる人が抑えるべきポイント土岐 孝平
25.1K views18 slides
ソーシャルゲームにおけるMongoDB適用事例 - Animal Land by
ソーシャルゲームにおけるMongoDB適用事例 - Animal LandソーシャルゲームにおけるMongoDB適用事例 - Animal Land
ソーシャルゲームにおけるMongoDB適用事例 - Animal LandMasakazu Matsushita
11.2K views43 slides

What's hot(20)

凝集度と責務 by Toshinori Chiba
凝集度と責務凝集度と責務
凝集度と責務
Toshinori Chiba344 views
ざっくり DDD 入門!! by Yukei Wachi
ざっくり DDD 入門!!ざっくり DDD 入門!!
ざっくり DDD 入門!!
Yukei Wachi10.2K views
マイクロサービスにおける 結果整合性との戦い by ota42y
マイクロサービスにおける 結果整合性との戦いマイクロサービスにおける 結果整合性との戦い
マイクロサービスにおける 結果整合性との戦い
ota42y12.3K views
MongoDB Oplog入門 by Takahiro Inoue
MongoDB Oplog入門MongoDB Oplog入門
MongoDB Oplog入門
Takahiro Inoue7.2K views
Springを何となく使ってる人が抑えるべきポイント by 土岐 孝平
Springを何となく使ってる人が抑えるべきポイントSpringを何となく使ってる人が抑えるべきポイント
Springを何となく使ってる人が抑えるべきポイント
土岐 孝平25.1K views
ソーシャルゲームにおけるMongoDB適用事例 - Animal Land by Masakazu Matsushita
ソーシャルゲームにおけるMongoDB適用事例 - Animal LandソーシャルゲームにおけるMongoDB適用事例 - Animal Land
ソーシャルゲームにおけるMongoDB適用事例 - Animal Land
Masakazu Matsushita11.2K views
WebAssemblyのWeb以外のことぜんぶ話す by Takaya Saeki
WebAssemblyのWeb以外のことぜんぶ話すWebAssemblyのWeb以外のことぜんぶ話す
WebAssemblyのWeb以外のことぜんぶ話す
Takaya Saeki28.2K views
マルチテナントのアプリケーション実装〜実践編〜 by Yoshiki Nakagawa
マルチテナントのアプリケーション実装〜実践編〜マルチテナントのアプリケーション実装〜実践編〜
マルチテナントのアプリケーション実装〜実践編〜
Yoshiki Nakagawa4.2K views
MongoDBが遅いときの切り分け方法 by Tetsutaro Watanabe
MongoDBが遅いときの切り分け方法MongoDBが遅いときの切り分け方法
MongoDBが遅いときの切り分け方法
Tetsutaro Watanabe34.8K views
Twitterのsnowflakeについて by moai kids
TwitterのsnowflakeについてTwitterのsnowflakeについて
Twitterのsnowflakeについて
moai kids24.8K views
DDDのモデリングとは何なのか、 そしてどうコードに落とすのか by Koichiro Matsuoka
DDDのモデリングとは何なのか、 そしてどうコードに落とすのかDDDのモデリングとは何なのか、 そしてどうコードに落とすのか
DDDのモデリングとは何なのか、 そしてどうコードに落とすのか
Koichiro Matsuoka48.5K views
Zaim 500万ユーザに向けて〜Aurora 編〜 by Wataru Nishimoto
Zaim 500万ユーザに向けて〜Aurora 編〜Zaim 500万ユーザに向けて〜Aurora 編〜
Zaim 500万ユーザに向けて〜Aurora 編〜
Wataru Nishimoto8.2K views
MongoDBを用いたソーシャルアプリのログ解析 〜解析基盤構築からフロントUIまで、MongoDBを最大限に活用する〜 by Takahiro Inoue
MongoDBを用いたソーシャルアプリのログ解析 〜解析基盤構築からフロントUIまで、MongoDBを最大限に活用する〜MongoDBを用いたソーシャルアプリのログ解析 〜解析基盤構築からフロントUIまで、MongoDBを最大限に活用する〜
MongoDBを用いたソーシャルアプリのログ解析 〜解析基盤構築からフロントUIまで、MongoDBを最大限に活用する〜
Takahiro Inoue43.2K views
AWSでのビッグデータ分析 by Amazon Web Services Japan
AWSでのビッグデータ分析AWSでのビッグデータ分析
AWSでのビッグデータ分析
Amazon Web Services Japan23.8K views
XSS - Do you know EVERYTHING? by Yurii Bilyk
XSS - Do you know EVERYTHING?XSS - Do you know EVERYTHING?
XSS - Do you know EVERYTHING?
Yurii Bilyk4.8K views
DynamoDB設計のちょっとした技 by Yoichi Toyota
DynamoDB設計のちょっとした技DynamoDB設計のちょっとした技
DynamoDB設計のちょっとした技
Yoichi Toyota1.4K views
だれも教えてくれないJavaの世界。 あと、ぼくが会社員になったわけ。 by なおき きしだ
だれも教えてくれないJavaの世界。 あと、ぼくが会社員になったわけ。だれも教えてくれないJavaの世界。 あと、ぼくが会社員になったわけ。
だれも教えてくれないJavaの世界。 あと、ぼくが会社員になったわけ。
なおき きしだ42.5K views
モノリスからマイクロサービスへの移行 ~ストラングラーパターンの検証~(Spring Fest 2020講演資料) by NTT DATA Technology & Innovation
モノリスからマイクロサービスへの移行 ~ストラングラーパターンの検証~(Spring Fest 2020講演資料)モノリスからマイクロサービスへの移行 ~ストラングラーパターンの検証~(Spring Fest 2020講演資料)
モノリスからマイクロサービスへの移行 ~ストラングラーパターンの検証~(Spring Fest 2020講演資料)
NTT DATA Technology & Innovation3.8K views
SQLおじさん(自称)がBigQueryのStandard SQLを使ってみた by Kumano Ryo
SQLおじさん(自称)がBigQueryのStandard SQLを使ってみたSQLおじさん(自称)がBigQueryのStandard SQLを使ってみた
SQLおじさん(自称)がBigQueryのStandard SQLを使ってみた
Kumano Ryo18.9K views
2015/11/15 Javaでwebアプリケーション入門 by Asami Abe
2015/11/15 Javaでwebアプリケーション入門2015/11/15 Javaでwebアプリケーション入門
2015/11/15 Javaでwebアプリケーション入門
Asami Abe81.1K views

Viewers also liked

Stegosploit - Hacking With Pictures HITB2015AMS by
Stegosploit - Hacking With Pictures HITB2015AMSStegosploit - Hacking With Pictures HITB2015AMS
Stegosploit - Hacking With Pictures HITB2015AMSSaumil Shah
18.7K views51 slides
Hacking with Pictures - Hack.LU 2014 by
Hacking with Pictures - Hack.LU 2014Hacking with Pictures - Hack.LU 2014
Hacking with Pictures - Hack.LU 2014Saumil Shah
14.3K views29 slides
Hacking With Pictures SyScan 2015 by
Hacking With Pictures SyScan 2015Hacking With Pictures SyScan 2015
Hacking With Pictures SyScan 2015Saumil Shah
23.9K views32 slides
Introduction to Debuggers by
Introduction to DebuggersIntroduction to Debuggers
Introduction to DebuggersSaumil Shah
26.6K views156 slides
Stegosploit - Hack.LU 2015 by
Stegosploit - Hack.LU 2015Stegosploit - Hack.LU 2015
Stegosploit - Hack.LU 2015Saumil Shah
2.9K views51 slides
Operating Systems - A Primer by
Operating Systems - A PrimerOperating Systems - A Primer
Operating Systems - A PrimerSaumil Shah
23.9K views68 slides

Viewers also liked(20)

Stegosploit - Hacking With Pictures HITB2015AMS by Saumil Shah
Stegosploit - Hacking With Pictures HITB2015AMSStegosploit - Hacking With Pictures HITB2015AMS
Stegosploit - Hacking With Pictures HITB2015AMS
Saumil Shah18.7K views
Hacking with Pictures - Hack.LU 2014 by Saumil Shah
Hacking with Pictures - Hack.LU 2014Hacking with Pictures - Hack.LU 2014
Hacking with Pictures - Hack.LU 2014
Saumil Shah14.3K views
Hacking With Pictures SyScan 2015 by Saumil Shah
Hacking With Pictures SyScan 2015Hacking With Pictures SyScan 2015
Hacking With Pictures SyScan 2015
Saumil Shah23.9K views
Introduction to Debuggers by Saumil Shah
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
Saumil Shah26.6K views
Stegosploit - Hack.LU 2015 by Saumil Shah
Stegosploit - Hack.LU 2015Stegosploit - Hack.LU 2015
Stegosploit - Hack.LU 2015
Saumil Shah2.9K views
Operating Systems - A Primer by Saumil Shah
Operating Systems - A PrimerOperating Systems - A Primer
Operating Systems - A Primer
Saumil Shah23.9K views
How Functions Work by Saumil Shah
How Functions WorkHow Functions Work
How Functions Work
Saumil Shah27.1K views
Dive into ROP - a quick introduction to Return Oriented Programming by Saumil Shah
Dive into ROP - a quick introduction to Return Oriented ProgrammingDive into ROP - a quick introduction to Return Oriented Programming
Dive into ROP - a quick introduction to Return Oriented Programming
Saumil Shah49.7K views
When Bad Things Come In Good Packages by Saumil Shah
When Bad Things Come In Good PackagesWhen Bad Things Come In Good Packages
When Bad Things Come In Good Packages
Saumil Shah7K views
Deadly pixels - NSC 2013 by Saumil Shah
Deadly pixels - NSC 2013Deadly pixels - NSC 2013
Deadly pixels - NSC 2013
Saumil Shah6.5K views
CSW2017 Harri hursti csw17 final by CanSecWest
CSW2017 Harri hursti csw17 finalCSW2017 Harri hursti csw17 final
CSW2017 Harri hursti csw17 final
CanSecWest1.5K views
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day by CanSecWest
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg dayCSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CanSecWest1.2K views
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security by CanSecWest
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu securityCSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CanSecWest2.8K views
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT by CanSecWest
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest1.4K views
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final by CanSecWest
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CanSecWest4K views
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy... by CanSecWest
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CanSecWest2.1K views
CSW2017 Enrico branca What if encrypted communications are not as secure as w... by CanSecWest
CSW2017 Enrico branca What if encrypted communications are not as secure as w...CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CanSecWest2.7K views
CSW2017 Privilege escalation on high-end servers due to implementation gaps i... by CanSecWest
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CanSecWest2.4K views
CSW2017 Mickey+maggie low cost radio attacks on modern platforms by CanSecWest
CSW2017 Mickey+maggie low cost radio attacks on modern platformsCSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CanSecWest1.6K views
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark by CanSecWest
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_markCSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CanSecWest4.1K views

Similar to Exploit Delivery

2010 A Net Odyssey by
2010 A Net Odyssey2010 A Net Odyssey
2010 A Net OdysseySaumil Shah
652 views36 slides
Exploitation and State Machines by
Exploitation and State MachinesExploitation and State Machines
Exploitation and State MachinesMichael Scovetta
7.1K views44 slides
2012: The End of the World? by
2012: The End of the World?2012: The End of the World?
2012: The End of the World?Saumil Shah
5.9K views50 slides
HKNOG 1.0 - DDoS attacks in an IPv6 World by
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldTom Paseka
5.7K views42 slides
Hacklu2011 tricaud by
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaudstricaud
558 views40 slides
stackconf 2021 | Why you should take care of infrastructure drift by
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftNETWAYS
39 views22 slides

Similar to Exploit Delivery(20)

2010 A Net Odyssey by Saumil Shah
2010 A Net Odyssey2010 A Net Odyssey
2010 A Net Odyssey
Saumil Shah652 views
Exploitation and State Machines by Michael Scovetta
Exploitation and State MachinesExploitation and State Machines
Exploitation and State Machines
Michael Scovetta7.1K views
2012: The End of the World? by Saumil Shah
2012: The End of the World?2012: The End of the World?
2012: The End of the World?
Saumil Shah5.9K views
HKNOG 1.0 - DDoS attacks in an IPv6 World by Tom Paseka
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
Tom Paseka5.7K views
Hacklu2011 tricaud by stricaud
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaud
stricaud558 views
stackconf 2021 | Why you should take care of infrastructure drift by NETWAYS
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure drift
NETWAYS39 views
WebAssembly & Zero Trust for Code by All Things Open
WebAssembly & Zero Trust for CodeWebAssembly & Zero Trust for Code
WebAssembly & Zero Trust for Code
All Things Open60 views
W.E.B. 2010 - Web, Exploits, Browsers by Saumil Shah
W.E.B. 2010 - Web, Exploits, BrowsersW.E.B. 2010 - Web, Exploits, Browsers
W.E.B. 2010 - Web, Exploits, Browsers
Saumil Shah1.3K views
Surviving the Internet in 2010 by Saumil Shah
Surviving the Internet in 2010Surviving the Internet in 2010
Surviving the Internet in 2010
Saumil Shah583 views
FOSDEM 2021 - Infrastructure as Code Drift & Driftctl by Stephane Jourdan
FOSDEM 2021 - Infrastructure as Code Drift & DriftctlFOSDEM 2021 - Infrastructure as Code Drift & Driftctl
FOSDEM 2021 - Infrastructure as Code Drift & Driftctl
Stephane Jourdan63 views
W.E.B 2011 - The good, the bad, the ugly by Saumil Shah
W.E.B 2011 - The good, the bad, the uglyW.E.B 2011 - The good, the bad, the ugly
W.E.B 2011 - The good, the bad, the ugly
Saumil Shah889 views
A Technical Dive into Defensive Trickery by Dan Kaminsky
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive Trickery
Dan Kaminsky1.8K views
London Ceph Day: Ceph in the Echosystem by Ceph Community
London Ceph Day: Ceph in the EchosystemLondon Ceph Day: Ceph in the Echosystem
London Ceph Day: Ceph in the Echosystem
Ceph Community 990 views
CloudSec , don't forget Security in the Cloud ! by Kris Buytaert
CloudSec , don't forget Security in the Cloud !CloudSec , don't forget Security in the Cloud !
CloudSec , don't forget Security in the Cloud !
Kris Buytaert1.1K views
Finding harmony in web development by Christian Heilmann
Finding harmony in web developmentFinding harmony in web development
Finding harmony in web development
Christian Heilmann1.9K views
Php johannesburg meetup - talk 2014 - scaling php in the enterprise by Sarel van der Walt
Php johannesburg meetup - talk 2014 - scaling php in the enterprisePhp johannesburg meetup - talk 2014 - scaling php in the enterprise
Php johannesburg meetup - talk 2014 - scaling php in the enterprise
Sarel van der Walt845 views
How to build observability into Serverless (O'Reilly Velocity 2018) by Yan Cui
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)
Yan Cui2.7K views
Survive JavaScript - Strategies and Tricks by Juho Vepsäläinen
Survive JavaScript - Strategies and TricksSurvive JavaScript - Strategies and Tricks
Survive JavaScript - Strategies and Tricks
Juho Vepsäläinen5.2K views
WebWorkersCamp 2010 by Olivier Gutknecht
WebWorkersCamp 2010WebWorkersCamp 2010
WebWorkersCamp 2010
Olivier Gutknecht539 views
Next Generation DevOps in Drupal: DrupalCamp London 2014 by Barney Hanlon
Next Generation DevOps in Drupal: DrupalCamp London 2014Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014
Barney Hanlon2.9K views

More from Saumil Shah

The Hand That Strikes, Also Blocks by
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
98 views67 slides
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS by
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSSaumil Shah
91 views23 slides
Unveiling EMUX - ARM and MIPS IoT Emulation Framework by
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
265 views20 slides
Announcing ARMX Docker - DC11332 by
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
6.8K views29 slides
Precise Presentations by
Precise PresentationsPrecise Presentations
Precise PresentationsSaumil Shah
557 views18 slides
Effective Webinars: Presentation Skills for a Virtual Audience by
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceSaumil Shah
1.4K views28 slides

More from Saumil Shah(20)

The Hand That Strikes, Also Blocks by Saumil Shah
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
Saumil Shah98 views
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS by Saumil Shah
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Saumil Shah91 views
Unveiling EMUX - ARM and MIPS IoT Emulation Framework by Saumil Shah
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Saumil Shah265 views
Announcing ARMX Docker - DC11332 by Saumil Shah
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
Saumil Shah6.8K views
Precise Presentations by Saumil Shah
Precise PresentationsPrecise Presentations
Precise Presentations
Saumil Shah557 views
Effective Webinars: Presentation Skills for a Virtual Audience by Saumil Shah
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
Saumil Shah1.4K views
INSIDE ARM-X Cansecwest 2020 by Saumil Shah
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
Saumil Shah425 views
Cyberspace And Security - India's Decade Ahead by Saumil Shah
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
Saumil Shah1K views
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace by Saumil Shah
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Saumil Shah503 views
NSConclave2020 The Decade Behind And The Decade Ahead by Saumil Shah
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
Saumil Shah155 views
Cybersecurity In India - The Decade Ahead by Saumil Shah
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
Saumil Shah361 views
INSIDE ARM-X - Countermeasure 2019 by Saumil Shah
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
Saumil Shah13.9K views
Introducing ARM-X by Saumil Shah
Introducing ARM-XIntroducing ARM-X
Introducing ARM-X
Saumil Shah18.3K views
The Road To Defendable Systems - Emirates NBD by Saumil Shah
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
Saumil Shah630 views
The CISO's Dilemma 44CON 2019 by Saumil Shah
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
Saumil Shah1.1K views
The CISO's Dilemma HITBGSEC2019 by Saumil Shah
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
Saumil Shah903 views
Schrödinger's ARM Assembly by Saumil Shah
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
Saumil Shah659 views
ARM Polyglot Shellcode - HITB2019AMS by Saumil Shah
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
Saumil Shah1.9K views
What Makes a Compelling Photograph by Saumil Shah
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
Saumil Shah341 views
Make ARM Shellcode Great Again - HITB2018PEK by Saumil Shah
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
Saumil Shah373 views

Recently uploaded

Business Analyst Series 2023 - Week 4 Session 7 by
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7DianaGray10
80 views31 slides
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T by
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TShapeBlue
56 views34 slides
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue by
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueVNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueShapeBlue
85 views54 slides
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...ShapeBlue
46 views29 slides
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue by
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlueShapeBlue
50 views23 slides
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f... by
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc
77 views29 slides

Recently uploaded(20)

Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray1080 views
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T by ShapeBlue
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
ShapeBlue56 views
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue by ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueVNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
ShapeBlue85 views
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by ShapeBlue
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
ShapeBlue46 views
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue by ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
ShapeBlue50 views
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f... by TrustArc
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc77 views
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha... by ShapeBlue
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
ShapeBlue74 views
20231123_Camunda Meetup Vienna.pdf by Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH46 views
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by ShapeBlue
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
ShapeBlue35 views
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive by Network Automation Forum
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Network Automation Forum46 views
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online by ShapeBlue
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
ShapeBlue102 views
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
The Digital Insurer31 views
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue by ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
ShapeBlue131 views
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... by James Anderson
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
James Anderson133 views
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue by ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
ShapeBlue46 views
Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil434 views
Ransomware is Knocking your Door_Final.pdf by Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp76 views
NTGapps NTG LowCode Platform by Mustafa Kuğu
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform
Mustafa Kuğu141 views
State of the Union - Rohit Yadav - Apache CloudStack by ShapeBlue
State of the Union - Rohit Yadav - Apache CloudStackState of the Union - Rohit Yadav - Apache CloudStack
State of the Union - Rohit Yadav - Apache CloudStack
ShapeBlue145 views
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P... by ShapeBlue
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
ShapeBlue82 views

Exploit Delivery

Editor's Notes

  1. Talk about the BROWSER WARS. The race is on for the fastest JS interpreter. IE vs FF, Chrome vs Safari, Chrome offering an IE-plugin (Frankenchrome), IE calling the Chrome plugin insecure, Steve Jobs trashing Flash, Chrome making Flash an integral part of the browser, and the list goes on...
  2. Talk about the BROWSER WARS. The race is on for the fastest JS interpreter. IE vs FF, Chrome vs Safari, Chrome offering an IE-plugin (Frankenchrome), IE calling the Chrome plugin insecure, Steve Jobs trashing Flash, Chrome making Flash an integral part of the browser, and the list goes on...
  3. Slew of recent Java vulnerabilities. Latest one being the command exec vuln with JavaWebStart. Quicktime, VLC and other plugins keep getting exploited regularly. So do toolbars.
  4. Flash Sprays
  5. URL Shorteners, can host an entire exploit.
  6. 800+ Javascript events, Video, and more
  7. Sandboxing isn't the solution.