Wednesday, December 8, 2010

Browser Exploitation for Fun & Profit Reloaded

This week during the SANS London 2010 conference I presented the second part of the web browser exploitation series, "Browser Exploitation for Fun and Profit Reloaded". This presentation is a follow up of the previous "Browser Exploitation for Fun and Profit" one from last month, and builds on top of the penetration testing setup previously described based on Samurai WTF v0.9, plus BeEF v0.4.0.3, and Metasploit v3.5.x.

This second part provides penetration testers with new tools, ideas, and techniques to demonstrate the impact of XSS vulnerabilities on the client side (but not only), with a specific focus on the top vulnerable (client-side) applications during the first three quarters of 2010: web browsers and their associated plug-ins.

Download: PDF


No comments: