We Have You by the Gadgets

Presented at DEF CON 20 (2012), July 29, 2012, 10 a.m. (50 minutes)

Why send someone an executable when you can just send them a sidebar gadget? We will be talking about the windows gadget platform and what the nastyness that can be done with it, how are gadgets made, how are they distributed and more importantly their weaknesses. Gadgets are comprised of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of. We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.

Presenters:

• Toby Kohlenberg - Senior InfoSec Specialist, Fortune 500 company
  Toby Kohlenberg is an opinionated loud mouth who occasionally has interesting insights and useful things to say about a wide variety of information security topics. He's worked on a large number of different technologies in the information security space. Past speaker at: T2, Shmoocon, Toorcon Seattle, PacSec and CanSecWest.
• Mickey Shkatov
  Mickey Shkatov AKA "Laplinker" , is a proud DC9723 member, not a Mossad agent, a breaker of code, a researcher of vulnerabilities that will never see the light of day, a lunatic and a fun guy to drink with. Twitter: @laplinker http://www.laplinker.com

Links:

• https://defcon.org/html/defcon-20/dc-20-speakers.html#Shkatov
• https://infocon.org/cons/DEF CON/DEF CON 20/DEF CON 20 video and slides/DEF CON 20 - Mickey Shkatov and Toby Kohlenberg - We Have You by the Gadgets - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=fTtrLFubDc8

Similar Presentations:

• Black Hat USA 2013 / OptiROP: hunting for ROP gadgets in style
• DEF CON 16 (2008) / Xploiting Google Gadgets: Gmalware and Beyond
• Black Hat USA 2012 / We have you by the Gadgets