The presentation that I gave at Future of Web Apps, London, October 3, 2007. More information here:
http://ejohn.org/blog/future-of-firefox-and-javascript/
When you don't have 0days: client-side exploitation for the masses
Michele Orru
Conference: InsomniHack (21 March 2014)
Talk speakers:
Michele Orru (@antisnatchor)
Krzysztof Kotowicz (@kkotowicz)
Talk abstract:
A bag of fresh and juicy 0days is certainly something you would love to get as a Christmas present, but it would probably be just a dream you had one of those drunken nights.
Hold on! Not all is lost! There is still hope for pwning targets without 0days.
We will walk you through multiple real-life examples of client-side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system.
The talk will be highly practical and will demonstrate how you can do proper client-side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc.
We'll delve into Chrome and Firefox extensions (automating various repetitive actions that you'll likely perform in your engagements), HTML applications, abusing User Interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient.
You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.
Chocolatey - making the process of installing software on Windows easy as pie
Justin James
Chocolatey is a machine package manager somewhat like apt-get for Linux but built for Windows. No more searching for the install download, trying to figure out 32/64 bit, or wondering what options to pick. Chocolatey takes care of doing the install for you, and you can even create scripts to install multiple packages. With Chocolatey you can bring up a new development machine with minimal effort. By the end of this session you will have all of the information you need to be both a consumer and a creator of Chocolatey packages. Chocolatey isn't just for system administrators. It is extremely useful for both developers and end-users as well. For developers, you can quickly bring up a new machine and get all of your software installed on it with minimal effort. It is also very easy to make Chocolatey packages for your software and distribute them to your users. For end-users, no longer will they need to search for where to download your software or how to install it. Chocolatey will do all of the work for them.
Google Chromebook for the Enterprise: Yeah or Meh?
Ericom Software
While Google Chromebooks were originally designed primarily for consumers, their rising popularity and low cost are attracting enterprises. Google and its partners are aware of this, and are starting to focus on this market segment as well. That being said, Google Chromebooks still have many limitations that can impede their usefulness as an enterprise platform.
In this presentation, originally presented at BriForum US 2014, Ericom CTO Dan Shappir provides concrete guidelines that will enable you to determine if Google Chromebooks are a viable option for your organization and users. He also highlights tools and applications that can increase the usefulness of this platform for enterprises.
To learn how Ericom can help your organization make the transition to Chromebooks, visit the following URL: http://j.mp/1nefYTS
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
Ericom Software
WebSockets couples the performance and flexibility of TCP with the reach of HTTP.
Prediction: WebSockets will replace simple TCP as the preferred underlying protocol.
To see how WebSockets are used in a popular HTML5-based remote access solution, visit the following URL: http://j.mp/1luquBQ
Hundreds of Firefox addons are created every week. Millions of users download them. Some addons are even recommended by the Mozilla community, and users implicitly trust them. We don't trust a single one, and we will show you why.
This talk details how we have abused some of the most popular and recommended Firefox addons, with previously unreleased vulnerabilities. From the Mozilla download statistics, over 15 million users are potentially affected. Demos will cover remote code execution, local file disclosure and other tailored Firefox Addon exploits.
Don't panic - the Addons manager can be found under the 'Tools' tab in your Firefox menu. We expect to see a lot of people clicking the "Uninstall" button after this presentation.
Capistrano deploy Magento project in an efficient way
Sylvain Rayé
Deploying a Magento project can be a very long and laborious task with some risk of errors. Having a good tool like Capistrano to prevent such pain will help you automate the process. Thanks to such a tool you may deploy a release of your Magento project in less than 5 minutes.
BeEF presentation - SecurityByte 2011
Michele Orru
Outline:
✴ What the hell is BeEF?
✴ Cutting: target enumeration and analysis
✴ Devouring: internal net fingerprint; exploiting internal services through the hooked browser; keylogging, browser pwnage
✴ Digesting: persistence; tunneling sqlmap/Burp through the BeEF proxy; XSSrays integration
✴ Future development and ideas
Slides of my talk at RuxCon 2013:
For those who do not listen to Mayhem and black metal, the talk title might seem a bit weird, and I can't blame you.
You know the boundaries of the Same Origin Policy, you know SQL injection and time-delays, you know BeEF. You also know that when sending cross-domain XHRs you can still monitor the timing of the response: you might want to infer 0 or 1 bits depending on whether the response was delayed or not.
This means it's possible to exploit every kind of SQL injection, blind or not blind, through a hooked browser, if you can inject a time-delay and monitor the response timing. You don't need a 0day or a particular SOP bypass to do this, and it works in every browser.
The potential of being faster than a normal single-host multi-threaded SQLi dumper will be explored. Two experiments will be shown: WebWorkers as well as multiple synched hooked browsers, which split the workload, communicating partial results to a central server.
A pure JavaScript approach will be exclusively presented during this talk, including live demos. Such an approach would work for both internet-facing targets as well as applications available in the intranet of the hooked browser.
The talk will finish by discussing the implications of such an approach in terms of Incident Response and Forensics, showing evidence of a very small footprint.
Cross Context Scripting (XCS) is a type of XSS (Cross Site Scripting) injection which occurs from an untrusted zone, typically a web page on the Internet, into the context of a trusted browser zone.
XSS injection in a trusted browser zone can be 'lethal', as the injected payload runs as privileged code. No SOP (Same-Origin Policy) restrictions are enforced and direct interfacing with the underlying OS is possible.
To exploit such bugs, there is no need to use ROP gadgets, spray the heap or attempt other complex techniques. On the contrary, only a few elements are required for a successful exploit, such as the right injection point and a tailored exploit payload.
This presentation will examine XCS in detail and will provide a demonstration of XCS exploits of both unpatched and patched vulnerabilities in Firefox, Opera, Maxthon and Avant browsers.
Slides for my talk at the HashiCorp User Group - Amsterdam.
A look at some hurdles encountered and other significant points in building a base Vagrant box with Packer, through a personal use case.
Video: https://www.youtube.com/watch?v=J-s9dSjYEJw
GitHub repo: https://github.com/cristovaov/packer-vagrant-talk
Event: http://www.meetup.com/HUG-Amsterdam/events/230517085/
This is the Google Tech Talk that I gave August 17th, 2007 on building a JavaScript library. I derived much of the talk from my experiences in building the jQuery and FUEL JavaScript libraries.
Presentation about the features of JavaFX. See how to use video, different deployment types, JavaScript integration, animations and more. Demos not included.
Understanding the Rails web model and scalability options
toster
Rails became a great answer to the demands arising from many years of experience with the classic process model of web requests. This model is still the most reliable and the simplest to understand and control. But the new generation of highly dynamic and interactive web applications brings fundamentally new scalability requirements. One answer to these requirements can be the Pusher.com service, which, among other solution options, will be considered in this talk.
Toster - Understanding the Rails Web Model and Scalability Options
Fabio Akita
On my first time in Russia, I presented on the Reactor Pattern, EventMachine, WebSocket and the Pusher service as options for when Rails alone is not enough.
1. The Future of Firefox and JavaScript
John Resig (ejohn.org)
Mozilla Corporation / jQuery JavaScript Library
October 3rd, 2007 - Future of Web Apps

2. The Future of Firefox
✦ Graphics
  ✦ SVG
  ✦ Canvas
✦ Video and Audio
✦ Offline Web Applications
✦ XMLHttpRequest++
✦ Desktop Integration

3. SVG
✦ SVG Foreign Object
  ✦ Import normal HTML elements
  ✦ Demo: http://starkravingfinkle.org/blog/2007/07/firefox-3-svg-foreignobject/
✦ Speed Improvements in the pipeline
  ✦ Joost built on Mozilla platform

5. Canvas 3D
✦ Works like normal 2D Canvas
✦ Thin layer to OpenGL
✦ Can embed native shader scripts
  ✦ Run natively by the GPU
✦ Extension: http://people.mozilla.com/~vladimir/canvas3d/

7. <video/> and <audio/>
✦ Pioneered by Opera
✦ Generic means of playing video and audio
✦ Full JavaScript API
✦ Guaranteed to play, at least, Ogg Theora
✦ Plugin more video/audio types
✦ Demo: http://www.double.co.nz/video_test/

8. Offline Web Apps
✦ Very new territory
✦ Three Specs:
  ✦ Mozilla
  ✦ Google Gears
  ✦ WHATWG
✦ Working to converge!
  ✦ A final amalgam will be in Firefox 3

9. Offline Web Apps
✦ Global Storage
  ✦ Cookies++
✦ File caching (CSS, Images, etc.)
✦ offline/online-mode detection
✦ File Uploads Queueing
✦ Some SQL-like stuff (work in progress)

11. Desktop Integration
✦ Webrunner
  ✦ Deployable web applications
  ✦ (Built on XULRunner)
✦ Prism (Still in Planning)
  ✦ Webrunner in Firefox
  ✦ Bookmark puts an icon on the desktop
  ✦ Launches a dedicated application

13. JavaScript 2
✦ Optional Type Annotation
  ✦ var foo : string = "";
  ✦ type Pair = [ int, string ];
  ✦ var bar : Vector.<Pair>;
✦ Classes
  ✦ class User {
        var name : string;
        var age : int;
    }

15. Tamarin
✦ Tamarin
  ✦ New Virtual Machine from Adobe
  ✦ Perfect for ActionScript
  ✦ (a mutant cousin of JavaScript 2)
✦ The Three Monkies:
  ✦ ActionMonkey
  ✦ ScreamingMonkey
  ✦ IronMonkey

16. Three Monkies
✦ ActionMonkey
  ✦ Integrating Tamarin into SpiderMonkey
  ✦ Powering Firefox 4 (?) + JavaScript 2
✦ ScreamingMonkey
  ✦ Forcing Tamarin into Internet Explorer
  ✦ (Kicking and screaming?)
✦ IronMonkey
  ✦ Bringing Python + Ruby to Tamarin

17. Server-Side JavaScript
✦ As old as JavaScript itself
✦ Seeing a strong resurgence
✦ Web Application Dev:
  ✦ Helma
  ✦ Phobos
✦ Application Dev:
  ✦ Spidermonkey
  ✦ Rhino

18. Rhino
✦ JavaScript implemented in Java
  ✦ Full JS 1.6 Support
  ✦ Upcoming JS 1.7 Support
✦ Full access to Java packages
✦ Weird fun:
  ✦ var myString = new java.lang.String();
✦ Awesome new territory:
  ✦ var myThread = new java.lang.Thread();
✦ DOM to the Server
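The Rhino slide's "full access to Java packages" (right down to `new java.lang.Thread()`) is also its security-relevant point: whatever the JVM can do, a script evaluated by an embedding application can do, so an application that runs scripts it did not write needs to narrow that reach. The code below is an added illustration, not from John Resig's slides or from the Rhino project, of how an embedder does that with Rhino's ClassShutter, so a script may construct java.lang.String but is refused java.lang.Thread. It assumes Rhino (org.mozilla.javascript) is on the classpath; the class name RhinoShutterDemo and the contents of the allow-list are my own choices.

```java
// Added example (not from the slides): embedding Rhino with a ClassShutter
// that allow-lists the Java classes scripts may see. Assumes Rhino
// (org.mozilla.javascript) on the classpath; RhinoShutterDemo is a made-up name.
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;

public class RhinoShutterDemo {

    // Allow-list: scripts may only resolve the fully qualified class names
    // accepted here. Everything else (java.lang.Thread, java.io.File, ...)
    // stays invisible, so "new java.lang.Thread()" cannot be constructed.
    static final ClassShutter ALLOW_LIST = new ClassShutter() {
        @Override
        public boolean visibleToScripts(String fullClassName) {
            return fullClassName.equals("java.lang.String");
        }
    };

    // Evaluate one script under the shutter. Returns the script's result as a
    // string, or a "rejected: ..." line if Rhino refused part of the script.
    static String run(String source) {
        Context cx = Context.enter();
        try {
            // The shutter must be installed before the scope is created and
            // can only be set once per Context.
            cx.setClassShutter(ALLOW_LIST);
            Scriptable scope = cx.initStandardObjects();
            Object result = cx.evaluateString(scope, source, "<script>", 1, null);
            return Context.toString(result);
        } catch (RhinoException e) {
            // Hidden classes resolve as empty packages, so "new" on them fails
            // with a script-level TypeError rather than reaching the JVM.
            return "rejected: " + e.getMessage();
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        // Allowed: java.lang.String is on the allow-list.
        System.out.println(run("new java.lang.String('hello').toUpperCase()"));
        // Refused: java.lang.Thread is not, so the script never gets a Thread.
        System.out.println(run("new java.lang.Thread().getName()"));
    }
}
```

The first call prints HELLO; the second prints a "rejected: ..." line carrying Rhino's TypeError. An allow-list is the right shape for this check: a deny-list of dangerous classes is hard to keep complete, while an allow-list fails closed for every class the embedder did not think of.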