Browsers Gone Wild

Presented at Black Hat Asia 2015, Unknown date/time (Unknown duration)

In this talk, we will demonstrate and unveil the latest developments on browser-specific weaknesses including creative new mechanisms to compromise confidentiality, successfully perform login and history detection, serve mixed content, deliver malicious ghost binaries without a C&C server, exploit cache/timing side channels to extract secrets from third-party domains, and leverage new HTML5 features to carry out more stealthy attacks. This is a practical presentation with live demos that will challenge your knowledge of the Same Origin Policy and push the limits of what is possible with today's web clients.

Presenters:

  • Xiaoran Wang - Salesforce.com
    Xiaoran Wang is a Senior Product Security Engineer at salesforce.com. He has presented at several conferences such as Black Hat USA, Black Hat Asia, ToorCon, HackerHalted, etc. He is passionate about security, especially web application security. At work, he does architectural feature review for security, web penetration testing, security training, security automation, etc. In his personal time, he does security research in a variety of topics including exploit writing, malware analysis, vulnerability analysis, and tearing things apart. He has written many useful defensive tools as well. For example, he developed an add-on "Mixed Content Monitor" for Firefox to block and show the insecure resources loaded within HTTPS. He also developed "Process Injection Monitor" that does automatic malware analysis and extracts injected code to a binary when a malware process tries to inject itself into other processes. You may check out his personal website at www.attacker-domain.com.
  • Angelo Prado - Salesforce.com
    Angelo Prado is a Senior Product Security Manager at Salesforce.com and an independent security researcher. He has worked as a software and application security engineer for Salesforce, Microsoft, and Motorola. Mr. Prado has a proven record of leading engineering teams of highly trained product security engineers by providing effective application security and building a robust and respected security practice. Mr. Prado is one of the leading contributors to BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext), a security exploit against SSL which leverages a compression side channel to derive secrets from the ciphertext in an HTTPS stream. As a thought leader of the security community, Mr. Prado frequently speaks at major conferences worldwide, including Black Hat USA, ToorCon, SecTor, Hacker Halted, TakeDownCon, Comillas University, and Georgetown University. Angelo Prado holds a Master's degree in Computer Science from Universidad Pontificia Comillas, Madrid and has also attended University of Illinois at Urbana-Champaign. His passions and research include web application security, Windows security, web browsers, machine learning, malware analysis and side channels. Some of Mr. Prado's recent disclosures include: "SSL, Gone in 30 Seconds - a BREACH Beyond CRIME" (US-CERT, MITRE: CVE-2013-3587) presented at Black Hat USA 2013 (Las Vegas). Resin Pro improperly performs Unicode transformations (US-CERT, NIST: CVE-2014-2966). Mail in Apple iOS6 allows remote attackers to spoof attachments (US-CERT, NIST: CVE-2012-3730). Microsoft Security Researcher Acknowledgments for Online Services (TechNet: 2012, 2013). Additional CVEs are pending assignment.
