SlideShare a Scribd company logo

[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012

Zoltan Balazs
Zoltan Balazs

The document discusses the history and risks of malicious browser extensions. It begins with a brief history of malicious Firefox extensions from 2004-2012, noting a rise from 5 extensions in 2011 to 48 from January to October 2012. The document then demonstrates a home-made Firefox extension that can perform command and control, steal cookies/passwords, and execute code remotely. It discusses disadvantages of browser extensions compared to other malware. Finally, it acknowledges risks of zombie browsers and calls on antivirus developers, browser developers, website developers and users to address these risks.

Technology
1 of 47
Download to read offline
Introduction Zoltán Balázs ITSEC consultant Deloitte Hungary OSCP, CISSP, C|HFI, CPTS, MCP http://www.slideshare.net/bz98 Cyberlympics finals Member of the gula.sh team
I love Hacking
I love Zombie movies
I love LOLcats
Zombies + Hacking + LOLcats = I R ZOMBIE BROWSER
Zombie browsers, spiced with rootkit extensions Hacktivity 2012 • Legal disclaimer: • Every point of views and thoughts are mine. • The next presentation’s contents do not have any connection with my employers opinion, whether past, present or future. • What you will hear can be only used in test labs, and only for the good.
About:presentation • History of malicious extensions (add-on, plug-in, extension, BHO) • Focus on Firefox, Chrome, Safari • Advantages – disadvantages • Browser extension rootkits • Live demo – home made extension
History of malicious Firefox extensions • 90% of malicious extensions were created for Facebook spamming • 2004-2010: 5 • 2011: 5 • Jan 01, 2012 – Oct 06, 2012: 48* *Data from mozilla.org
More examples on Facecrook Text ©f-secure
My zombie extension • Command and Control • Stealing cookies, passwords • Uploading/downloading files (Firefox, Chrome NPAPI on todo list) • Binary execution (Firefox - Windows, Chrome NPAPI on todo list) • Geolocation
Safari demo
Installing the extension Physical access Social Engineering Remote code execution – without user interaction
Firefox rootkit 1 • Hook into other extension (even signed ones)
Firefox rootkit 2 • visible = false
Firefox rootkit 3 • seen in the wild
Quick Quiz - for Hacker Pschorr
Quick Quiz • Which company developed the first Netscape plugin? • *****
Quick Quiz • Which company developed the first Netscape plugin? • A***e
Quick Quiz • Which company developed the first Netscape plugin? • Adobe in 1995
Risks of a Zombie Browser • Eats your brain while you are asleep
Risks of a Zombie Browser
Risks of a Zombie Browser • Firewall/proxy  • Local firewall  • Application whitelisting  • Web-filtering 
Risks of a Zombie Browser • Cross-platform  • Cross-domain Universal XSS  • Every secret is available  • Password input method does not matter (password safe, virtual keyboard, etc.) • Before SSL (+JS obfuscation) • Malicious source codes are available  • Advantage against meterpreter  • exe/dll is not needed for persistence • Writing into registry is not needed
Risks of a zombie browser • Low AV signature based detection rate  • Sample from January 2011. – October 2012. 0/44 • Extension vs. behavioral based detection 
Risks of a zombie browser • Low AV signature based detection rate  • Sample from January 2011. – October 2012. 0/44 • Extension vs. behavioral based detection 
Friendly message to AV developers: try harder… Code snippets from undetected malicious browser extension var _0x39fe=["x73x63x72x69x70x74","x63x72x65x61x74x65 x45x6Cx65x6Dx65x6E x74","x74x79x70x65","x74x65x78x74… _0xaed4=[_0x39fe[0],_0x39fe[1],_0x39fe[2],_0x39fe[3],_0x39fe[4],_0x39f e[5],_0x39fe[6],_0x39fe[7],_0x39fe[8],_0x39fe[9]]; keylogger_namespace.keylogger… for(var x in mothership){if (mothership[x].command == "eval") {eval(mothership[x].data);
Profit ...
Firefox
Disadvantages (for the Hacker) • Not a real rootkit • Browser limitations (eg. portscan) • Platform limitations (eg. Execute binary code only on Windows) • Runs in user space • Runs only when browser is open • Extensions are not yet supported in: • Chrome on Android/iOS • Safari on iOS
Chrome - rootkit
Chrome - distributed password hash cracking • Idea and coding by my friend and colleague, WoFF • Password hash cracking performance • Javascript: 82,000 hash/sec • Chrome native client: 840,000 hash/sec • Native code (john): 11,400,000 hash/sec
ChromeOS DEMO
ChromeOS DEMO Not today :-( no extension install from 3rd party site no Flash, no Java, no NPAPI
ChromeOS DEMO Not today :-( no extension install from 3rd party site no Flash, no Java, no NPAPI
Firefox webcam
Browser extensions might be bad • @antivirus developers • Be reactive • The browser is the new OS • @browser developers (Mozilla) • Default deny installing extensions from 3rd-party sites • Chrome-level security • Require permissions • Extension components – separate privileges • @browser developers (Google) – keep on the good job • but disable NPAPI :)
Browser extensions might be bad • @website developers • There is no prevention against password stealing • Cookie-stealing • Restrict session to IP (by default) • @users • Beware of malicious browser extensions • Use separated OS for e-banking and other sensitive stuff • Removing - create new clean profile in clean OS • @companies • Control which browsers users can use • Restrict extensions via GPO
Browser extensions might be bad, Mmmkay??? zbalazs@deloittece.com zbalazs4 hu.linkedin.com/in/zbalazs Code will be released under GPL in 2012 Greetz to @hekkcamp
References • Grégoire Gentil: Hack any website, 2003 • Christophe Devaux, Julien Lenoir: Browser rootkits, 2008 • Duarte Silva: Firefox FFSpy PoC, 2008 • Andreas Grech: Stealing login details with a Google Chrome extension, 2010 • Matt Johansen, Kyle Osborn: Hacking Google ChromeOS, 2011 • Nicolas Paglieri: Attacking Web Browsers, 2012

Recommended

Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012
DefCamp
 
Defcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityDefcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-security
Priyanka Aash
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
Greg Foss
 
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsnDEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
Felipe Prado
 
Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana) Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana)
Pratimesh Pathak
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
qqlan
 
Browser exploit framework
Browser exploit frameworkBrowser exploit framework
Browser exploit framework
Prashanth Sivarajan
 
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
Felipe Prado
 

Recommended

Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012Zombie browsers spiced with rootkit extensions - DefCamp 2012
Zombie browsers spiced with rootkit extensions - DefCamp 2012
DefCamp
 
Defcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityDefcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-security
Priyanka Aash
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
Greg Foss
 
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsnDEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
Felipe Prado
 
Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana) Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana)
Pratimesh Pathak
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
qqlan
 
Browser exploit framework
Browser exploit frameworkBrowser exploit framework
Browser exploit framework
Prashanth Sivarajan
 
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
Felipe Prado
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers
OWASP
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
Nightmares of a Penetration Tester ( How to protect your network)
Nightmares of a Penetration Tester ( How to protect your network)Nightmares of a Penetration Tester ( How to protect your network)
Nightmares of a Penetration Tester ( How to protect your network)
Chris Nickerson
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
HeadLightSecurity
 
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
Oles Seheda
 
Fuzzing
FuzzingFuzzing
Fuzzing
Khalegh Salehi
 
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
jakobkorherr
 
Webinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityWebinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website Security
StopTheHacker
 
Flipping the script
Flipping the scriptFlipping the script
Flipping the script
Chris Nickerson
 
Introduction to Web Application Security - Blackhoodie US 2018
Introduction to Web Application Security - Blackhoodie US 2018Introduction to Web Application Security - Blackhoodie US 2018
Introduction to Web Application Security - Blackhoodie US 2018
Niranjanaa Ragupathy
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Jeremiah Grossman
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
ConnectSafely
 
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
OWASP
 
"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali
HackIT Ukraine
 
Devouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and DefencesDevouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and Defences
gmaran23
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
xabean
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
 
Ransomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itRansomware - what is it, how to protect against it
Ransomware - what is it, how to protect against it
Zoltan Balazs
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CanSecWest
 
Html5: Something wicked this way comes (Hack in Paris)
Html5: Something wicked this way comes (Hack in Paris)Html5: Something wicked this way comes (Hack in Paris)
Html5: Something wicked this way comes (Hack in Paris)
Krzysztof Kotowicz
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack
 

More Related Content

What's hot

[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers
OWASP
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
Nightmares of a Penetration Tester ( How to protect your network)
Nightmares of a Penetration Tester ( How to protect your network)Nightmares of a Penetration Tester ( How to protect your network)
Nightmares of a Penetration Tester ( How to protect your network)
Chris Nickerson
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
HeadLightSecurity
 
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
Oles Seheda
 
Fuzzing
FuzzingFuzzing
Fuzzing
Khalegh Salehi
 
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
jakobkorherr
 
Webinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityWebinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website Security
StopTheHacker
 
Flipping the script
Flipping the scriptFlipping the script
Flipping the script
Chris Nickerson
 
Introduction to Web Application Security - Blackhoodie US 2018
Introduction to Web Application Security - Blackhoodie US 2018Introduction to Web Application Security - Blackhoodie US 2018
Introduction to Web Application Security - Blackhoodie US 2018
Niranjanaa Ragupathy
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Jeremiah Grossman
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
ConnectSafely
 
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
OWASP
 
"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali
HackIT Ukraine
 
Devouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and DefencesDevouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and Defences
gmaran23
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
xabean
 

What's hot (16)

[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
 
Nightmares of a Penetration Tester ( How to protect your network)
Nightmares of a Penetration Tester ( How to protect your network)Nightmares of a Penetration Tester ( How to protect your network)
Nightmares of a Penetration Tester ( How to protect your network)
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
 
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
 
Fuzzing
FuzzingFuzzing
Fuzzing
 
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
 
Webinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityWebinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website Security
 
Flipping the script
Flipping the scriptFlipping the script
Flipping the script
 
Introduction to Web Application Security - Blackhoodie US 2018
Introduction to Web Application Security - Blackhoodie US 2018Introduction to Web Application Security - Blackhoodie US 2018
Introduction to Web Application Security - Blackhoodie US 2018
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
 
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
 
"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali
 
Devouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and DefencesDevouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and Defences
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 

Similar to [ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012

[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
 
Ransomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itRansomware - what is it, how to protect against it
Ransomware - what is it, how to protect against it
Zoltan Balazs
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CanSecWest
 
Html5: Something wicked this way comes (Hack in Paris)
Html5: Something wicked this way comes (Hack in Paris)Html5: Something wicked this way comes (Hack in Paris)
Html5: Something wicked this way comes (Hack in Paris)
Krzysztof Kotowicz
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack
 
DEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionDEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And Attribution
Michael Boman
 
Web-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting EnginesWeb-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting Engines
c0c0n - International Cyber Security and Policing Conference
 
JavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPJavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAP
Simon Bennetts
 
Thinking Outside the Sand[box]
Thinking Outside the Sand[box]Thinking Outside the Sand[box]
Thinking Outside the Sand[box]
Juniper Networks
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015
Michael Gough
 
Krzysztof kotowicz. something wicked this way comes
Krzysztof kotowicz. something wicked this way comesKrzysztof kotowicz. something wicked this way comes
Krzysztof kotowicz. something wicked this way comes
Yury Chemerkin
 
A Brave New World
A Brave New WorldA Brave New World
A Brave New World
SensePost
 
Privacy in private browsing mode
Privacy in private browsing modePrivacy in private browsing mode
Privacy in private browsing mode
Aparna “Ash” Himmatramka
 
Forensics WS Consolidated
Forensics WS ConsolidatedForensics WS Consolidated
Forensics WS Consolidated
Karter Rohrer
 
External JavaScript Widget Development Best Practices
External JavaScript Widget Development Best PracticesExternal JavaScript Widget Development Best Practices
External JavaScript Widget Development Best Practices
Volkan Özçelik
 
Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012
Volkan Özçelik
 
Something wicked this way comes - CONFidence
Something wicked this way comes - CONFidenceSomething wicked this way comes - CONFidence
Something wicked this way comes - CONFidence
Krzysztof Kotowicz
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
Muhammad Khizer Javed
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
David Stockton
 

Similar to [ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012 (20)

[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
 
Ransomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itRansomware - what is it, how to protect against it
Ransomware - what is it, how to protect against it
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on android
 
Html5: Something wicked this way comes (Hack in Paris)
Html5: Something wicked this way comes (Hack in Paris)Html5: Something wicked this way comes (Hack in Paris)
Html5: Something wicked this way comes (Hack in Paris)
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
DEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionDEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And Attribution
 
Web-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting EnginesWeb-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting Engines
 
JavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPJavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAP
 
Thinking Outside the Sand[box]
Thinking Outside the Sand[box]Thinking Outside the Sand[box]
Thinking Outside the Sand[box]
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015
 
Krzysztof kotowicz. something wicked this way comes
Krzysztof kotowicz. something wicked this way comesKrzysztof kotowicz. something wicked this way comes
Krzysztof kotowicz. something wicked this way comes
 
A Brave New World
A Brave New WorldA Brave New World
A Brave New World
 
Privacy in private browsing mode
Privacy in private browsing modePrivacy in private browsing mode
Privacy in private browsing mode
 
Forensics WS Consolidated
Forensics WS ConsolidatedForensics WS Consolidated
Forensics WS Consolidated
 
External JavaScript Widget Development Best Practices
External JavaScript Widget Development Best PracticesExternal JavaScript Widget Development Best Practices
External JavaScript Widget Development Best Practices
 
Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012
 
Something wicked this way comes - CONFidence
Something wicked this way comes - CONFidenceSomething wicked this way comes - CONFidence
Something wicked this way comes - CONFidence
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
 
Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 

More from Zoltan Balazs

[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain
Zoltan Balazs
 
MLSEC 2020
MLSEC 2020MLSEC 2020
MLSEC 2020
Zoltan Balazs
 
Web3 + scams = It's a match
Web3 + scams = It's a matchWeb3 + scams = It's a match
Web3 + scams = It's a match
Zoltan Balazs
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
Zoltan Balazs
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
Zoltan Balazs
 
Explain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a fiveExplain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a five
Zoltan Balazs
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
Zoltan Balazs
 
Test & Tea : ITSEC testing, manual vs automated
Test & Tea : ITSEC testing, manual vs automatedTest & Tea : ITSEC testing, manual vs automated
Test & Tea : ITSEC testing, manual vs automated
Zoltan Balazs
 
Hacking Windows 95 #33c3
Hacking Windows 95 #33c3Hacking Windows 95 #33c3
Hacking Windows 95 #33c3
Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
Zoltan Balazs
 
Sandboxes
SandboxesSandboxes
Sandboxes
Zoltan Balazs
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
Zoltan Balazs
 
Hacking with Remote Admin Tools (RAT)
Hacking with Remote Admin Tools (RAT) Hacking with Remote Admin Tools (RAT)
Hacking with Remote Admin Tools (RAT)
Zoltan Balazs
 
[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland
Zoltan Balazs
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
Zoltan Balazs
 
[HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking [HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking Zoltan Balazs
 
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
Zoltan Balazs
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie
Zoltan Balazs
 
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
Zoltan Balazs
 

More from Zoltan Balazs (20)

[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain
 
MLSEC 2020
MLSEC 2020MLSEC 2020
MLSEC 2020
 
Web3 + scams = It's a match
Web3 + scams = It's a matchWeb3 + scams = It's a match
Web3 + scams = It's a match
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
 
Explain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a fiveExplain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a five
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
Test & Tea : ITSEC testing, manual vs automated
Test & Tea : ITSEC testing, manual vs automatedTest & Tea : ITSEC testing, manual vs automated
Test & Tea : ITSEC testing, manual vs automated
 
Hacking Windows 95 #33c3
Hacking Windows 95 #33c3Hacking Windows 95 #33c3
Hacking Windows 95 #33c3
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Sandboxes
SandboxesSandboxes
Sandboxes
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 
Hacking with Remote Admin Tools (RAT)
Hacking with Remote Admin Tools (RAT) Hacking with Remote Admin Tools (RAT)
Hacking with Remote Admin Tools (RAT)
 
[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
 
[HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking [HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking
 
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie
 
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
 

Recently uploaded

leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
LucaBarbaro3
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 

Recently uploaded (20)

leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 

[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012

  • 1. Introduction Zoltán Balázs ITSEC consultant Deloitte Hungary OSCP, CISSP, C|HFI, CPTS, MCP http://www.slideshare.net/bz98 Cyberlympics finals Member of the gula.sh team
  • 3. I love Zombie movies
  • 5. Zombies + Hacking + LOLcats = I R ZOMBIE BROWSER
  • 6. Zombie browsers, spiced with rootkit extensions Hacktivity 2012 • Legal disclaimer: • Every point of views and thoughts are mine. • The next presentation’s contents do not have any connection with my employers opinion, whether past, present or future. • What you will hear can be only used in test labs, and only for the good.
  • 7. About:presentation • History of malicious extensions (add-on, plug-in, extension, BHO) • Focus on Firefox, Chrome, Safari • Advantages – disadvantages • Browser extension rootkits • Live demo – home made extension
  • 8.
  • 9. History of malicious Firefox extensions • 90% of malicious extensions were created for Facebook spamming • 2004-2010: 5 • 2011: 5 • Jan 01, 2012 – Oct 06, 2012: 48* *Data from mozilla.org
  • 10. More examples on Facecrook Text ©f-secure
  • 11. My zombie extension • Command and Control • Stealing cookies, passwords • Uploading/downloading files (Firefox, Chrome NPAPI on todo list) • Binary execution (Firefox - Windows, Chrome NPAPI on todo list) • Geolocation
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 18. Installing the extension Physical access Social Engineering Remote code execution – without user interaction
  • 19. Firefox rootkit 1 • Hook into other extension (even signed ones)
  • 20. Firefox rootkit 2 • visible = false
  • 21. Firefox rootkit 3 • seen in the wild
  • 22. Quick Quiz - for Hacker Pschorr
  • 23. Quick Quiz • Which company developed the first Netscape plugin? • *****
  • 24. Quick Quiz • Which company developed the first Netscape plugin? • A***e
  • 25. Quick Quiz • Which company developed the first Netscape plugin? • Adobe in 1995
  • 26. Risks of a Zombie Browser • Eats your brain while you are asleep
  • 27. Risks of a Zombie Browser
  • 28. Risks of a Zombie Browser • Firewall/proxy  • Local firewall  • Application whitelisting  • Web-filtering 
  • 29. Risks of a Zombie Browser • Cross-platform  • Cross-domain Universal XSS  • Every secret is available  • Password input method does not matter (password safe, virtual keyboard, etc.) • Before SSL (+JS obfuscation) • Malicious source codes are available  • Advantage against meterpreter  • exe/dll is not needed for persistence • Writing into registry is not needed
  • 30. Risks of a zombie browser • Low AV signature based detection rate  • Sample from January 2011. – October 2012. 0/44 • Extension vs. behavioral based detection 
  • 31. Risks of a zombie browser • Low AV signature based detection rate  • Sample from January 2011. – October 2012. 0/44 • Extension vs. behavioral based detection 
  • 32. Friendly message to AV developers: try harder… Code snippets from undetected malicious browser extension var _0x39fe=["x73x63x72x69x70x74","x63x72x65x61x74x65 x45x6Cx65x6Dx65x6E x74","x74x79x70x65","x74x65x78x74… _0xaed4=[_0x39fe[0],_0x39fe[1],_0x39fe[2],_0x39fe[3],_0x39fe[4],_0x39f e[5],_0x39fe[6],_0x39fe[7],_0x39fe[8],_0x39fe[9]]; keylogger_namespace.keylogger… for(var x in mothership){if (mothership[x].command == "eval") {eval(mothership[x].data);
  • 35. Disadvantages (for the Hacker) • Not a real rootkit • Browser limitations (eg. portscan) • Platform limitations (eg. Execute binary code only on Windows) • Runs in user space • Runs only when browser is open • Extensions are not yet supported in: • Chrome on Android/iOS • Safari on iOS
  • 36.
  • 38. Chrome - distributed password hash cracking • Idea and coding by my friend and colleague, WoFF • Password hash cracking performance • Javascript: 82,000 hash/sec • Chrome native client: 840,000 hash/sec • Native code (john): 11,400,000 hash/sec
  • 40. ChromeOS DEMO Not today :-( no extension install from 3rd party site no Flash, no Java, no NPAPI
  • 41. ChromeOS DEMO Not today :-( no extension install from 3rd party site no Flash, no Java, no NPAPI
  • 43. Browser extensions might be bad • @antivirus developers • Be reactive • The browser is the new OS • @browser developers (Mozilla) • Default deny installing extensions from 3rd-party sites • Chrome-level security • Require permissions • Extension components – separate privileges • @browser developers (Google) – keep on the good job • but disable NPAPI :)
  • 44. Browser extensions might be bad • @website developers • There is no prevention against password stealing • Cookie-stealing • Restrict session to IP (by default) • @users • Beware of malicious browser extensions • Use separated OS for e-banking and other sensitive stuff • Removing - create new clean profile in clean OS • @companies • Control which browsers users can use • Restrict extensions via GPO
  • 45.
  • 46. Browser extensions might be bad, Mmmkay??? zbalazs@deloittece.com zbalazs4 hu.linkedin.com/in/zbalazs Code will be released under GPL in 2012 Greetz to @hekkcamp
  • 47. References • Grégoire Gentil: Hack any website, 2003 • Christophe Devaux, Julien Lenoir: Browser rootkits, 2008 • Duarte Silva: Firefox FFSpy PoC, 2008 • Andreas Grech: Stealing login details with a Google Chrome extension, 2010 • Matt Johansen, Kyle Osborn: Hacking Google ChromeOS, 2011 • Nicolas Paglieri: Attacking Web Browsers, 2012