Description: Slide : - https://deepsec.net/docs/Slides/DeepSec_2011_Michele_Orru_-_Ground%20BeEF_-%20Cutting,_devouring_and_digesting_the_legs_off_a_browser.pdf
Michele Orru held a presentation about web browser security at the DeepSec 2011 security conference:Browser security is still one of the trickiest challenges to afford nowadays. A lot of efforts has been spent on mitigating browser exploitation from heap and stack overflows, pointers dereference and other memory corruption bugs. On the other hand there is still an almost unexplored landscape.X-Frame-Options, X-XSS-Protection, Content Security Policy, DOM sandboxing are good starting points to mitigate the XSS plague, but they are still not widely implemented.We will see how a framework like BeEF can be used to abuse the securitycontext of a browser. As we are able to manipulate the DOM for fun andprofit in 95% of web applications, a trivial reflected or DOM-based XSS isenough to hook a victim browser to BeEF and control it completely.The presentation will cover the following main areas, between the many:Cutting: stealth activities, target enumeration and analysis, commanmodule autorun.Devouring: internal network fingerprint via JS, exploiting internalservices through the browser, keylogging, browser pwnage, autopwn.Digesting: persistence, tunneling sqlmap/Burp through BeEF proxy, XSS Raysintegration.
Tags: securitytube , Confidence , hacking , hackers , information security , convention , computer security , deepsec-11 , deepsec-2011 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.