Cross Site Scripting Anonymous Browser 2.0

Presented at DEF CON 17 (2009), July 31, 2009, noon (20 minutes)

Earlier this year, the Cross-site Scripting Anonymous Browser ("XAB") was presented as a new perspective on how we could extend the functionality of browser technologies, form dynamic botnets for browsing, and create an unpronounceable acronym all at once. We continue the madness with the second incarnation of the XAB framework. XAB hasn't really revolutionized attacks or defenses in its short lifespan, nor is it great at factoring primes. However, it has opened the minds of a few by demonstrating an interesting way to combine unlike ideas and create a new animal all of its own. Think of it as forced social networking, without ever really knowing whom you're talking to, or what they're saying. We will provide a brief review of the technology, pore over the trials and tribulations of the enhancements and additions of the past 6 months, provide a live demonstration of the improvements and continue the conversation about the future of the framework.

Presenters:

  • Matt Flick - Principal at FYRM Associates
    For more than 9 years, Matt Flick has developed his career in the information security industry, with expertise in application security and other areas within information security management, services, and auditing. Matt has worked with both commercial and federal government clients to help plan, develop, and assess their information security programs. Matt is currently a Principal with FYRM Associates Inc., an information security professional services organization, and a member of OWASP DC, ISACA and ISSA. Mr. Flick has previously presented at Black Hat DC 2009.
  • Jeff Yestrumskas - Security Researcher
    Jeff Yestrumskas is in charge of information security for an international application service provider, but still enjoys getting his hands dirty. His professional background spanning over a decade includes forensics, leading penetration tests, application security services and teaching others to do the same.
