Blind XSS

Presented at DEF CON 20 (2012), July 27, 2012, 5:30 p.m. (20 minutes)

This talk will announce the release and demonstrate the xss.io toolkit. xss.io is a platform to help ease cross-site scripting (xss) exploitation and specifically for this talk identification of blind xss vectors. Think drag and drop exploits post xss vuln identification. For blind xss, xss.io is a callback and hook manager for intel collected by executed and non-executed but accessed payloads.

Presenters:

  • Adam Baldwin / EvilPacket - Chief Security Officer, &yet   as Adam "EvilPacket" Baldwin
    Adam "EvilPacket" Baldwin Adam Baldwin has over 10+ years of mostly self-taught computer security experience and currently is the Chief Security Officer at &yet. He at one time possessed a GCIA and if his CPE's are up to date should still have a CISSP. Prior to starting at &yet, Adam operated a security consultancy, nGenuity and worked for Symantec. Adam is a minor contributor to the W3AF project, creator of the DVCS pillaging toolkit, helmet: the security header middleware for node.js, and has previously spoken at DEF CON, Toorcon, Toorcamp, Djangcon, and JSconf. Twitter: @adam_baldwin http://evilpacket.net

Links:

Similar Presentations: