SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
Script Fragmentation (A new Web Attack Vector) Brucon 2009
This talk titled "A new web attack vector: Script Fragmentation" was given by Stephan Chenette at Brucon 2009. You can download the presentation slides here.
Abstract: This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content. This involves distributing web exploits in a asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, This attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit. Our presentation will discuss this attack vector used to evade both gateway and client side detection. We will show several proof of concepts containing common readily available web exploits.
Speaker Bio: Stephan Chenette is a Senior Security Researcher for Websense Security Labs working on malcode detection techniques. Mr. Chenette specializes in research tools ranging from kernel-land sandboxes, to static analysis scanners. He has released public analysis on various vulnerabilities and malware. Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.
You can download a High resolution video here.
Abstract: This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content. This involves distributing web exploits in a asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, This attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit. Our presentation will discuss this attack vector used to evade both gateway and client side detection. We will show several proof of concepts containing common readily available web exploits.
Speaker Bio: Stephan Chenette is a Senior Security Researcher for Websense Security Labs working on malcode detection techniques. Mr. Chenette specializes in research tools ranging from kernel-land sandboxes, to static analysis scanners. He has released public analysis on various vulnerabilities and malware. Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.
You can download a High resolution video here.
Related Videos from: Presentations from Brucon 2009
-Brucon-2009.jpg) | .jpg) | .jpg) | .jpg) | .jpg) | |
You are Viewing this Video Now! | |||||
3085 views | 2422 views | 2358 views | 2589 views | 2960 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |