Scraping leaky browsers for fun and passwords

Presented at BruCON 0x08 (2016), Oct. 27, 2016, 6 p.m. (60 minutes).

Web browsers are among the most commonly used applications on desktop systems. We identified that the latest versions of Microsoft Internet Explorer Edge, Google Chrome and Mozilla Firefox all contain vulnerabilities with regard to memory management of sensitive data. Concretely, they keep clear-text credentials in memory long after they have been entered and the designated tab is closed, allowing an adversary to recover this sensitive data as long as the web browser is running. This could prove very useful in certain forensic investigations, or be abused by an attacker to stealthily harvest website credentials without the need to install additional malware (e.g. a keylogger). As a proof of concept for the vendors, we have implemented a Volatility Framework plugin that harvests website credentials from a memory dump. This plugin will be open-sourced after this talk. Additionally, we will share the response of the three vendors to our PoC.

Presenters:

  • Adrian Toma
    Adrian Toma is a Romanian living in Belgium. He has a passion for informatics, holds a bachelor's degree in industrial systems and is following evening courses for a second bachelor's degree in Networks and Systems Security. He currently works as a consultant in .NET development.
  • Stefaan Truijen
    Stefaan Truijen holds a master's degree in Computer Science with a specialization in secure software. His thesis was on scraping the RAM of web browsers. Currently, he is employed as a junior security consultant at Planet-Talent.
