Breaking Bad: A Browser Deception Story

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, noon (20 minutes)

In this talk we will demonstrate and unveil the latest developments on browser-specific weaknesses, including creative new mechanisms to compromise confidentiality, successfully perform login and history detection, serve mixed content, deliver malicious ghost binaries without a C&C server, exploit cache / timing side channels to extract secrets from third-party domains, and leverage new HTML5 features to carry out more stealthy attacks. This is a practical presentation with live demos that will challenge your knowledge of the Same Origin Policy and push the limits of what is possible with today’s web clients.

Presenters:

  • Angelo Prado
    Angelo Prado is a Senior Product Security Manager at Salesforce.com. He has worked as a software and security engineer for Microsoft and Motorola. Angelo has been involved with the security community for over 8 years, speaking at Black Hat USA, ToorCon, Hacker Halted, SecTor and GSICKMinds. Angelo is a Computer Science alumnus of Universidad Pontificia Comillas, Madrid, and has also attended the University of Illinois at Urbana-Champaign. His passions and research include web application security, Windows security, browsers, machine learning, malware analysis and Spanish Jamón.
    BREACH - http://www.blackhat.com/us-13/speakers/Angelo-Prado.html (2013)
    BREACH - http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/
    RESIN UNICODE - http://www.kb.cert.org/vuls/id/162308 (2014)
    APPLE IOS MAIL - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3730 (2013)
  • Xiaoran Wang
    Xiaoran is a Senior Product Security Engineer at Salesforce.com. He is passionate about security, especially web application security. At work, he does architectural feature review for security, web penetration testing, security training, security automation, etc. In his personal time, he does security research on a variety of topics including exploit writing, malware analysis, vulnerability analysis, and tearing things apart. He has written many useful defensive tools as well. For example, he developed an add-on, “Mixed Content Monitor”, for Firefox to block and show the insecure resources loaded within HTTPS. He also developed “Process Injection Monitor”, which does automatic malware analysis and extracts injected code to a binary when a malware process tries to inject itself into other processes. He presented at Black Hat USA about RAVAGE.
    @0x1a0ran, www.x1a0ran.com
    RAVAGE - https://www.blackhat.com/us-14/briefings.html#ravage-runtime-analysis-of-vulnerabilities-and-generation-of-exploits (2013)
