Explore the latest developments in browser-specific vulnerabilities and creative attack mechanisms in this Black Hat conference talk. Delve into techniques for compromising confidentiality, performing login and history detection, serving mixed content, and delivering malicious ghost binaries without a command and control server. Witness live demonstrations that challenge your understanding of the Same Origin Policy and showcase exploits leveraging cache/timing side channels and HTML5 features for stealthier attacks. Gain practical insights into pushing the boundaries of web client security in this 59-minute presentation by Angelo Prado and Xiaoran Wang.
Overview
Syllabus
Browsers Gone Wild
Taught by
Black Hat
Related Courses
-
Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers
-
Same Origin Method Execution - Exploiting a Callback for Same Origin Policy Bypass
-
HTML5 Top 10 Threats - Stealth Attacks & Silent Exploits
-
Bypassing Browser Security Policies for Fun and Profit
-
Pixel Perfect Timing Attacks with HTML5
