Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit

Presented at DEF CON 17 (2009), Aug. 1, 2009, 11 a.m. (50 minutes)

The blackhat community has been using client-side exploits for several years now. Multiple commercial suites exist for turning webservers into malware distribution centers. Unfortunately for the pentester, acquiring these tools requires sending money to countries with no extradition treaties, taking deployed packs from compromised webservers, or other acts of questionable legality. To ease this burden the Metasploit Project will present an extensible browser exploitation platform integrated into the metasploit framework.

Presenters:

• James Lee / Egyp7 - Core Developer, Metasploit Project   as Egypt
  egypt has been a core developer for the Metasploit Project since April 2008 and a user of the framework since discovering its existence in 2004. He is also a member of Attack Research, a group of people dedicated to the in-depth understanding of computer based attacks. Recently, egypt founded Teardrop Security, a consulting company specializing in penetration testing, vulnerability research, and reverse engineering.

Links:

• https://defcon.org/html/defcon-17/dc-17-speakers.html#Egypt
• https://infocon.org/cons/DEF CON/DEF CON 17/DEF CON 17 video and slides/DEF CON 17 - Egypt - Automatic Browser Fingerprinting and Exploitation with Metasploit - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=aNsU1hg_xkQ

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Metasploit Townhall
• DerbyCon 9.0 Finish Line (2019) / Metasploit Town Hall Finale
• DEF CON 17 (2009) / App Assessment the Metasploit Way