Presented at
DEF CON 17 (2009),
July 31, 2009, noon
(20 minutes).
Cross Site Scripting Anonymous Browser, Version 2.0 Earlier this year, the Cross-site Scripting Anonymous Browser ("XAB") was presented as a new perspective on how we could extend the functionality of browser technologies, form dynamic botnets for browsing, and create an unpronounceable acronym all at once. We continue the madness with the second incarnation of the XAB framework.
XAB hasn't really revolutionized attacks or defenses in its short lifespan, nor is it great at factoring primes. However, it has opened the minds of a few by demonstrating an interesting way to combine unlike ideas and creating a new animal all of it's own. Think of it as forced social networking, without ever really knowing whom you're talking to, or what they're saying.
We will provide a brief review of the technology, pour over the trials and tribulations of the enhancements and additions of the past 6 months, provide a live demonstration of the improvements and continue the conversation about the future of the framework.
Presenters:
-
Jeff Yestrumskas
- Security Researcher
Jeff Yestrumskas is in charge of information security for an international application service provider, but still enjoys getting his hands dirty. His professional background spanning over a decade includes forensics, leading penetration tests, application security services and teaching others to do the same.
-
Matt Flick
- Principal at FYRM Associates
Matt Flick For more than 9 years, Matt Flick has developed his career in the information security industry, with expertise in application security and other areas within information security management, services, and auditing. Matt has worked with both commercial and federal government clients to help plan, develop, and assess their information security programs. Matt is currently a Principal with FYRM Associates Inc., an information security professional services organization, and a member of OWASP DC, ISACA and ISSA. Mr. Flick has previously presented at Blackhat DC 2009.
Links:
Similar Presentations: