Full Scope Security Attacking Layer 8: Client-Side Penetration Testing NotaCon '09 talk on Client-Side attacks takes about 30 seconds for the video to get started

# vimeo.com/4731117 Uploaded 3 years ago 2,704 Plays / 3 Likes / 2 Comments

Full Scope Security Attacking Layer 8: Client-Side Penetration Testing SOURCE Boston talk on Client-Side attacks

# vimeo.com/3665163 Uploaded 3 years ago 2,163 Plays / 5 Likes / 0 Comments

Demo for Attacking Layer 8: Client-Side Penetration Testing Opera 9.62 file:// Heap Overflow CVE=2008-5178 Metasploit Fileformat Demo. Generate malicious html file, get user to open the html file locally in Opera, enjoy userland shell

# vimeo.com/2900900 Uploaded 3 years ago 273 Plays / 1 Like / 0 Comments

Demo for Attacking Layer 8: Client-Side Penetration Testing CA eTrust PestPatrol ActiveX Stack Overflow Metasploit Fileformat Demo. 1st try we try an the eTrust ActiveX exploit against a host that doesn't have the control installed and we see that all we do is crash the browser :-( 2nd try we use the cab install version of the exploit to actually serve up the control to the victim, once they enable the ActiveX control, it is downloaded and installed,…

# vimeo.com/3011304 Uploaded 3 years ago 209 Plays / 1 Like / 0 Comments

Demo for Attacking Layer 8: Client-Side Penetration Testing Metasploit MSFpayload VBA into Microsoft Word Document Fileformat Demo. We use msfpayload to generate our payload in VBscript. Insert our code as a macro in a word document. Use SE to get the user to enable macros and enjoy the shell even after the word document has been closed.

# vimeo.com/3358923 Uploaded 3 years ago 742 Plays / 2 Likes / 2 Comments