This document summarizes Mario Heiderich's talk on obfuscated JavaScript malware. The talk covered the history of JavaScript and how it has evolved from being frowned upon due to security issues to becoming essential for modern web applications. It then discussed how JavaScript is commonly used in malware through techniques like string obfuscation, eval injection, and hiding payloads in the DOM. The talk concluded by exploring how obfuscation could become even more advanced using new JavaScript features and discussed challenges in detecting obfuscated malware.
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...Mario Heiderich
ECMAScript 6, in short ES6, has been boiling in a copper pot for many years by now and step-by-step, browser vendors come forward to taste the first sips of this mystery soup. So, ES6 is no longer a theoretic language but already crawled across the doorstep and now lurks under your bed, ready for the nasty, waiting for the right moment to bite.
Now, what is this whole ES6 thing? How did it develop and who made it? And why is it now implemented in your favorite browser? And what does it mean for web-security and beyond?
This talk will answer these questions and showcase the new language from an attacker's perspective. You will see the new code constructs possible to be executed with ES6, new attack vectors and learn what you can do to tame that beast. Kafkaesque terminology such as expression interpolation, proper tail calls, computed properties, spread parameters, modules and tagged template strings will no longer be surprising you after attending this talk.
This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that are applied with state-of-the-art XSS protection. This attack labeled Mutation-XSS (mXSS) is capable of bypassing high-end filter systems by utilizing the browser and its unknown capabilities - every single f***** one of them. We analyzed the type and number of high-profile websites and applications that are affected by this kind of attack. Several live demos during the presentation will share these impressions and help understanding, what mXSS is, why mXSS is possible and why it is of importance for defenders as well as professional attackers to understand and examine mXSS even further. The talk wraps up several years of research on this field, shows the abhorrent findings, discusses the consequences and delivers a step-by-step guide on how to protect against this kind of mayhem - with a strong focus on feasibility and scalability.
go programming language basics
This presentation is a copy of one of the presentation in the slideshare
i just walk through the basic side of go programming language
its about a 45 mins presentation
more details about this language you get from golang.org refer this link
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...Mario Heiderich
ECMAScript 6, in short ES6, has been boiling in a copper pot for many years by now and step-by-step, browser vendors come forward to taste the first sips of this mystery soup. So, ES6 is no longer a theoretic language but already crawled across the doorstep and now lurks under your bed, ready for the nasty, waiting for the right moment to bite.
Now, what is this whole ES6 thing? How did it develop and who made it? And why is it now implemented in your favorite browser? And what does it mean for web-security and beyond?
This talk will answer these questions and showcase the new language from an attacker's perspective. You will see the new code constructs possible to be executed with ES6, new attack vectors and learn what you can do to tame that beast. Kafkaesque terminology such as expression interpolation, proper tail calls, computed properties, spread parameters, modules and tagged template strings will no longer be surprising you after attending this talk.
This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that are applied with state-of-the-art XSS protection. This attack labeled Mutation-XSS (mXSS) is capable of bypassing high-end filter systems by utilizing the browser and its unknown capabilities - every single f***** one of them. We analyzed the type and number of high-profile websites and applications that are affected by this kind of attack. Several live demos during the presentation will share these impressions and help understanding, what mXSS is, why mXSS is possible and why it is of importance for defenders as well as professional attackers to understand and examine mXSS even further. The talk wraps up several years of research on this field, shows the abhorrent findings, discusses the consequences and delivers a step-by-step guide on how to protect against this kind of mayhem - with a strong focus on feasibility and scalability.
go programming language basics
This presentation is a copy of one of the presentation in the slideshare
i just walk through the basic side of go programming language
its about a 45 mins presentation
more details about this language you get from golang.org refer this link
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Mario Heiderich
The clipboard is one of the most commonly used tools across operating systems, window managers and devices. Pressing Ctrl-C and Ctrl-V has become so fundamentally important to productivity and usability that we cannot get rid of it anymore. We happily and often thoughtlessly copy things from one source and paste them into another. URLs into address-bars, lengthy commands into console windows, text segments into web editors and mail interfaces. And we never worry about security when doing so. Because what could possibly go wrong, right?
But have we ever asked ourselves what the clipboard content actually consists of? Do we really know what it contains? And are we aware of the consequences a thoughtless copy&paste interaction can have? Who else can control the contents of the clipboard? Is it really just us doing Ctrl-C or is there other forces in the realm who are able to infect what we believe to be clean, who can desecrate what we trust so blindly that we never question or observe it?
This talk is about the clipboard and the technical details behind it. How it works, what it really contains – and who can influence its complex range of contents. We will learn about a new breed of targeted attacks, including cross-application XSS from PDF, ODT, DOC and XPS that allow to steal website accounts faster than you can click, turn your excel sheet into a monster and learn about ways to smuggle creepy payload that is hidden from sight until it executes. Oh, and we’ll also see what can be done about that and what defensive measures we achieved to create so far.
A Journey to Boot Linux on Raspberry PiJian-Hong Pan
Each processor/chip architecture has its own procedure to boot the kernel. It works with desgined partition layout and vendor specific firmwares/bootloaders in the boot partition. We can learn the related knowledge from the Raspbian image for Raspberry Pi, which is the board we can obtain easily. However, the diversity between the special booting procedures with specific firmwares/bootloaders increases the complexity for distribution maintainers. It will be great if there is a way to make it more generic that can be applied to most of the chip architectures/boards to boot up the system.
After referring to some Linux distributions, we learned U-Boot may play a role in the solution. It splits the booting procedure into hardware specific and generic system parts. This helps distribution maintainers deploy the generic system with OSTree, including device trees.
Let’s deep dive into this magic booting procedure!
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
JavascriptMVC: Another choice of web frameworkAlive Kuo
JavascriptMVC is another client side web MVC framework based on jQuery. It has totally solution to build a web application. This slide will introduce basic features of JavascriptMVC3.2
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Mario Heiderich
The clipboard is one of the most commonly used tools across operating systems, window managers and devices. Pressing Ctrl-C and Ctrl-V has become so fundamentally important to productivity and usability that we cannot get rid of it anymore. We happily and often thoughtlessly copy things from one source and paste them into another. URLs into address-bars, lengthy commands into console windows, text segments into web editors and mail interfaces. And we never worry about security when doing so. Because what could possibly go wrong, right?
But have we ever asked ourselves what the clipboard content actually consists of? Do we really know what it contains? And are we aware of the consequences a thoughtless copy&paste interaction can have? Who else can control the contents of the clipboard? Is it really just us doing Ctrl-C or is there other forces in the realm who are able to infect what we believe to be clean, who can desecrate what we trust so blindly that we never question or observe it?
This talk is about the clipboard and the technical details behind it. How it works, what it really contains – and who can influence its complex range of contents. We will learn about a new breed of targeted attacks, including cross-application XSS from PDF, ODT, DOC and XPS that allow to steal website accounts faster than you can click, turn your excel sheet into a monster and learn about ways to smuggle creepy payload that is hidden from sight until it executes. Oh, and we’ll also see what can be done about that and what defensive measures we achieved to create so far.
A Journey to Boot Linux on Raspberry PiJian-Hong Pan
Each processor/chip architecture has its own procedure to boot the kernel. It works with desgined partition layout and vendor specific firmwares/bootloaders in the boot partition. We can learn the related knowledge from the Raspbian image for Raspberry Pi, which is the board we can obtain easily. However, the diversity between the special booting procedures with specific firmwares/bootloaders increases the complexity for distribution maintainers. It will be great if there is a way to make it more generic that can be applied to most of the chip architectures/boards to boot up the system.
After referring to some Linux distributions, we learned U-Boot may play a role in the solution. It splits the booting procedure into hardware specific and generic system parts. This helps distribution maintainers deploy the generic system with OSTree, including device trees.
Let’s deep dive into this magic booting procedure!
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
JavascriptMVC: Another choice of web frameworkAlive Kuo
JavascriptMVC is another client side web MVC framework based on jQuery. It has totally solution to build a web application. This slide will introduce basic features of JavascriptMVC3.2
In this presentation, N. Kishorekumar, a Drupal Consultant at Valuebound will give an overview of Node.js, a JavaScript runtime built on Chrome's V8 JavaScript engine. He will discuss here the background, theories and the relevance of Node.js.
*****************************************
Get Socialistic
Our website: http://valuebound.com/
LinkedIn: https://www.linkedin.com/company/valuebound/
Facebook: https://www.facebook.com/valuebound/
Twitter: https://twitter.com/valuebound
Golang becomes more and more popular: new projects are developed in this language and the old ones migrate to it. Why is Go loved by developers, wanted by clients and preferred by architects? Find the answers in this video.
This presentation was held by Sergii Shapoval (Senior Software Engineer, Consultant, GlobalLogic) at GlobalLogic Kyiv Java Career Day #2 on December 1, 2018.
Video: https://youtu.be/wSSgY_Du9zY
Learn more: https://www.globallogic.com/ua/events/globallogic-kyiv-java-career-day-2-summary
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
Yes! TypeScript is the base for Angular2+ , If you want to enter into the world of Angular2, 4, 5, ... then the first step is to understand TypeScript.
I am going to make it very simple for you to learn and implement it.
This talk describes the current state of the Veil-Framework and the different tools included in it such as Veil-Evasion, Veil-Catapult, Veil-Powerview, Veil-Pillage, Veil-Ordnance
Dev and Blind - Attacking the weakest Link in IT SecurityMario Heiderich
The developer is an easy and valuable target for malicious minds. The reasons for that are numerous and hard to come by. This talk delivers examples, proof, discussion and awkward moments in a pretty special way.
Everybody hates developers – especially web developers. And why not? The cracks and crevices of their APIs and implementations are the reason that vulnerabilities in web applications are still a widespread issue – and will continue to be in the foreseeable future.
Bashing and blaming them for their wrongdoings is fun – boy, they are stupid in their mistakes! But has anyone ever dared to have an open on stage battle with an actual developer?
And who of the developers dares to face their collective nemesis – the attacker? Can there be life where matter and anti-matter collide? We will know about this soon – because this is what this talk is going to be about. Developer versus attacker – vulnerability versus defense. Be prepared for swearing, violence and people leaving the stage prematurely in tears.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
3. Credits First
●
Gareth Heyes (buy him a beer – here's here rite now)
●
Eduardo Vela
●
David Lindsay
●
Yosuke Hasegawa
●
And many others...
4. History Lessons
●
The origin of JavaScript in 1995
●
Netscape Navigator 2.0
●
LiveScript
●
ECMA 262
●
JScript
●
Implementations and Revisions
● Browserwars
5. Shadowy Existence
●
Frowned upon for a long time
same with cookies :)
●
Users trained for switching off JavaScript
●
Vulnerable browsers
●
Spam, Phishing, Malware
●
Until a renaissance took place...
6. Renaissance
●
The “New Web“
●
Websites become applications
●
Rich Internet Applications
●
Widgets and other out-of-band applications
●
XMLHttpRequest paves the way
●
AJAX and the Web 2.0
7. Today
● JavaScript and JScript moved closer
● ActionScript and other implementations
● V8, SpiderMonkey, Tamarin... first IE9 versions soon to
come
● JavaScript 1.7, 1.8, 1.8.1 and 2.0
● Complex and super-dynamic scripting language
● Almost irreplace for modern webapps
8. JavaScript and Bad-Ware
●
JavaScript and browser exploits
●
Websites from Hell
●
JavaScript in PDFs
●
XSS, CSRF and client side SQLI
●
NoScript, IE8 XSS Filter, Webkit XSS Filter
●
Content Matching, Live-Deobfuscation, Sandboxing
9. String obfuscation
●
It's full of evals
●
eval(), execScript(), Function(), Script()
● _FirebugConsole.evaluate()
●
Entities, special chars and shortcuts
●
XOR, “Encryption“ and Base64
●
Examples
12. A small Crash-Course
●
Take some heavily obfuscated code
●
Maybe generated by commercial obfuscators
●
Break it
●
Realize string obfuscation can't work
●
Demo
13. Let's do this
●
https://www.2checkout.com/static/checkout/javascript/us
● u0009 f{f`9#evm`wjlu006d+slu0070pjaofp*#x
u0075bo8u0009~#`bw`k#+f*u0023x#~u0009~ qfwvqm#!!8
u007e/ u0009 olbg@lnsp9#evmu0060wjlm+*#x
●
Deobfuscation in FireBug
● a=function(){%code%}
● a.toSource(1)
●
Replace last eval by an alert
14. Limitations and alternatives
●
String Obfuscated Code == clear text
●
As long as we have an eval
●
Alternatives
●
Changing the code structure
●
Use browser and implementation bugs
●
Use less-/undocumented features
15. Examples
●
Using regular expressions as functions
● (/padding/)(/payload/)
●
DOM Objekte can be functions too
● !location(payload)
●
Destructuring assignment
● [,,padding]=[,,payload]
● [,location]=[,'javascript:alert(1)']
● [,a,a(1)]=[,alert]
16. More Examples
●
Execute code without parenthesis
● {x:window.onunload=alert}
● ''+{toString:alert}
●
Prototypes and call()
● (1,[].sort)()[[].join.call('at','ler')](1)
●
Empty return values
● {x:top['al'+new Array+'ert'](1)}
19. The Code
●
Generating strings from RGB color values
function a() {
c=document.getElementById("c"),x=c.getContext("2d"),
i=document.getElementById("i")
x.drawImage(i, 0, 0),d=x.getImageData(0, 0, 3, 3),
p=''
for(y in d.data) {
if(d.data[y] > 0 && d.data[y] < 255) {
p+=String.fromCharCode(d.data[y])
}
}
eval(p)
}
20. Or even more
●
CSS color values, background URIs etc. etc.
● document.styleSheets[0].cssRules[0]...
●
Using image binaries to hide payload
●
Canvas helps a lot
● escape(atob(document.createElement('canvas')
.toDataURL('image/jpeg').slice(23)))
21. Talking about Canvas
●
Get binary same-domain image data via JavaScript
●
Making use of the toDataURL() method
●
Like this
● document.createElement('canvas')
.toDataURL('image/jpeg')
●
Think Captcha – or just plain payload obfuscation
22. Payload via TinyURL
●
Payload from base64-ed URL suffix
●
Hidden in the referrer
●
http://tinyurl.com/YWxlcnQoZG9jdW1lbnQuY29va2llKQ
● eval(atob(document.referrer.split(///)[3]))
23. Strings made out of Nothing
●
AKA No-Alnum Scene“ :)„
●
Up- and downcast
●
{}+'' becomes „[object Object]“
●
!''+'' becones „false“
●
-~'' becomes 1 and -~-~'' becoms 2
24. Retrieving DOM Objects
●
Hard to detect payload execution
●
Payload hidden in DOM variables
●
Examples
● (1,[]['sort'])()['alert'](1)
● [].constructor.constrcutor()()['alert'](1)
25. Constructors and More
●
Some examples
●
Perfect for testing against sandboxes
● /./.__proto__.__proto__.constructor(alert)(1)
● Text.constructor([alert][0])(1)
● Window.__parent__[/alert/.source](1)
● Attr.__proto__.constructor.apply(0,[alert])(1)
● XULCommandEvent.__parent__
27. Morphing Code
●
Code changes each time being delivered
●
JavaScript generates morphing JavaScript
●
Payload source again is the DOM
●
Base64 from document.body.innerHTML
●
Looping over window
●
etc. etc..
30. How to detect?
●
Almost impossible
●
Payload stays hidden even if the trigger was found
●
Sandboxing and runtime-analysis
●
See NoScript and others
●
Limitations and new risks
●
Attacks against the sandbox, data leakage, DoS
33. JavaScript of tomorrow
●
More features
●
Even more dynamic and slim code
●
Let Statements, Generator Expressions, more native data
types, XML, more DOM objects and methods
●
Operator overloading
●
Operator Object, first drafts around for quite some time
35. The User Agents
●
Native Client
●
WebGL
●
WebOS using Google FS and seemlessly integrated
Chrome
●
DOM Storage and file system access
●
Back to the fat client
36. Coming up
●
Malware still using rather immature techniques
●
String obfusc. all over the place
●
Generators for really obfuscated code
●
A challenge for WAF vendors and AVs
●
More code analysis and sandboxing
37. Questions and Comments
● Feedback welcome
● Even after talk and event
● mario.heiderich@gmail.com
● http://mario.heideri.ch
● http://twitter.com/0x6D6172696F
38. Goodies!
●
Weird labels in Opera
● <script>=alert;(1)</script>͞ ͞
● <script> =alert,0? =1: (2)</script>⌃․ ․ ⌃․
● <script>ۘ=alert,ۘ(3)</script>
●
A Firefox special - tags inside closing tags
●
No > is used to close a tag for FF – enabling this;
● </p/<img/src=! onerror=alert(1)>