Description: In this video Adam Baldwin shows us how using xss. io to identify blind xss vectors, quickly build reusable exploits and use the referrer redirect feature to shorten the payload length. This video is part of Defcon 20 here is the talk description
Adam Baldwin : - This talk will announce the release and demonstrate the xss.io toolkit. xss.io is a platform to help ease cross-site scripting (xss) exploitation and specifically for this talk identification of blind xss vectors. Think drag and drop exploits post xss vuln identification. For blind xss, xss.io is a callback and hook manager for intel collected by executed and non-executed but accessed payloads.
Adam "EvilPacket" Baldwin Adam Baldwin has over 10+ years of mostly self-taught computer security experience and currently is the Chief Security Officer at &yet. He at one time possessed a GCIA and if his CPE's are up to date should still have a CISSP. Prior to starting at &yet, Adam operated a security consultancy, nGenuity and worked for Symantec. Adam is a minor contributor to the W3AF project, creator of the DVCS pillaging toolkit, helmet: the security header middleware for node.js, and has previously spoken at DEF CON, Toorcon, Toorcamp, Djangcon, and JSconf.
Twitter: @adam_baldwin
https://www.defcon.org/html/defcon-20/dc-20-speakers.html#Baldwin
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
This is really awesome!!
I am hungry to try this by myself, but the website is not yet open :(