FullScopeSecurity

Full Scope Security

Attacking Layer 8: Client-Side Penetration Testing

NotaCon '09 talk on Client-Side attacks

takes about 30 seconds for the video to get started

Full Scope Security

Attacking Layer 8: Client-Side Penetration Testing

SOURCE Boston talk on Client-Side attacks

Demo for Attacking Layer 8: Client-Side Penetration Testing

Opera 9.62 file:// Heap Overflow CVE=2008-5178 Metasploit Fileformat Demo.

Generate malicious html file, get user to open the html file locally in Opera, enjoy userland shell

Demo for Attacking Layer 8: Client-Side Penetration Testing

CA eTrust PestPatrol ActiveX Stack Overflow Metasploit Fileformat Demo.

1st try we try an the eTrust ActiveX exploit against a host that doesn't have the control installed and we see that all we do is crash the browser :-(

2nd try we use the cab install version of the exploit to actually serve up the control to the victim, once they enable the ActiveX control, it is downloaded and installed, and we exploit the victim and get our userland shell

Demo for Attacking Layer 8: Client-Side Penetration Testing

Metasploit MSFpayload VBA into Microsoft Word Document Fileformat Demo.

We use msfpayload to generate our payload in VBscript. Insert our code as a macro in a word document. Use SE to get the user to enable macros and enjoy the shell even after the word document has been closed.