Explore client-side exploitation techniques without relying on zero-day vulnerabilities in this conference talk from AppSecUSA 2014. Learn practical methods for compromising target systems by abusing existing functionalities in browsers, extensions, and legacy features. Discover how to automate attacks, tailor them to specific victim profiles, and achieve persistence on compromised systems. Gain insights into exploiting Chrome and Firefox extensions, HTML applications, User Interface expectations, and Office macros. Suitable for offensive security enthusiasts, this talk provides real-life examples and demonstrates effective client-side exploitation strategies that work on fully patched target software.
Client-Side Exploitation Techniques Without Zero-Day Vulnerabilities
Overview
Syllabus
When you can't afford 0days: Client-side exploitation for the masses - OWASP AppSecUSA 2014
Taught by
OWASP Foundation
