Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Stegosploit - Drive by Browser Exploits Using Only Images

44CON Information Security Conference via YouTube

Overview

Explore the innovative technique of Stegosploit, which encodes browser exploits into image files for undetectable delivery. Learn about steganography and polyglots as underlying methods for creating HTML+Image polyglots that appear innocent but contain hidden exploits. Discover the process of encoding drive-by browser exploits into JPG and PNG images, fusing them with HTML and Javascript decoder code. Examine bit layers, image analysis tools, and JavaScript decoders used in this technique. Understand the challenges of detection and incident response for these sophisticated exploits. Gain insights into exploit development, browser exploit delivery, and the potential impact on cybersecurity through demonstrations and in-depth explanations of the Stegosploit toolkit.

Syllabus

Introduction
Exploit Development
History
What it is
Images are innocent
Exploits are not dangerous
Browser Exploit Delivery
Demo
Understanding Bit Layers
Image Analysis Tool
Image Layers
Exploits
Solution
Slow Motion
Overcome PNG
Read Pixel Values
JavaScript Decoder
Polyglot
Riddle
Images Toolkit
Bipolar File
Polyglot File
Images JPEG
Secret Sauce
PNG
CC
Delivery
Browser
Server
Meterpreter
Minicat
PNG Image
Colour Image
Green Channel
Task Manager
Heap Spray
Detection
Detection Rate
Package Delivery
Remove Extension
Content Sniffing
Clever Caching
Expires Tag
Time shifted payloads
Tools
Incident Response Nightmare
Outro

Taught by

44CON Information Security Conference

Reviews

Start your review of Stegosploit - Drive by Browser Exploits Using Only Images

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.