Explore the security vulnerabilities of the File System Access API in this 27-minute Black Hat conference talk. Discover how a malicious website can exploit this newly deployed browser feature to gain arbitrary code execution and bypass security measures. Learn about the potential risks associated with the API's ability to read, write, and edit files on user devices. Gain insights into how attackers can circumvent operating system scans, security product checks, and even manual inspections to inject malicious code. Presented by Matthew Weeks, this talk delves into the shortcomings of the API's security features and highlights the importance of understanding its implications for web security.
Internal Affairs - Hacking File System Access from the Web
Overview
Syllabus
Internal Affairs: Hacking File System Access from the Web
Taught by
Black Hat
Related Courses
-
Hacking Web Applications & Penetration Testing: Web Hacking
-
The Outer Limits - Hacking the Samsung Smart TV
-
Perimeter Breached - Hacking an Access Control System
-
Web Hacking Part 1 - Hacking Exposed - E-commerce
-
Back to the Epilogue - How to Evade Windows' Control Flow Guard with Less than 16 Bytes
-
The Next Generation of Windows Exploitation - Attacking the Common Log File System
