Stegosploit - Drive by Browser Exploits Using Only Images
44CON Information Security Conference via YouTube
Overview
Syllabus
Introduction
Exploit Development
History
What it is
Images are innocent
Exploits are not dangerous
Browser Exploit Delivery
Demo
Understanding Bit Layers
Image Analysis Tool
Image Layers
Exploits
Solution
Slow Motion
Overcome PNG
Read Pixel Values
JavaScript Decoder
Polyglot
Riddle
Images Toolkit
Bipolar File
Polyglot File
Images JPEG
Secret Sauce
PNG
CC
Delivery
Browser
Server
Meterpreter
Minicat
PNG Image
Colour Image
Green Channel
Task Manager
Heap Spray
Detection
Detection Rate
Package Delivery
Remove Extension
Content Sniffing
Clever Caching
Expires Tag
Time shifted payloads
Tools
Incident Response Nightmare
Outro
Taught by
44CON Information Security Conference