Overview
Explore practical side-channel attacks on modern browsers in this 58-minute conference talk by Angelo Prado at TakeDownCon Rocket City 2014. Delve into various injection attacks, privilege escalation techniques, and denial of service methods. Learn about browser XSS filters, timing attacks, clipboard vulnerabilities, and login & history side channels. Examine timing with heavy queries, requestAnimationFrame timing, and the use of Flash as a side channel. Discover the potential security risks associated with the Data URI scheme and gain insights into protecting against these sophisticated browser-based attacks.
Syllabus
Intro
Spain Is A Beautiful Country
Internationally-Recognized
Different Injection Attacks
Privilege Escalation
And of course, Denial of Service
BROWSER XSS FILTERS
BROWSER TIMING ATTACKS
BROWSER CLIPBOARD ATTACKS
PRETTY PURPLE COLORS
LOGIN & HISTORY SIDE CHANNELS
TIMING WITH HEAVY QUERIES
requestAnimationFrame Timing
FLASH AS A SIDE CHANNEL
DATA URI SCHEME