1. Full Scope Security

    Attacking Layer 8: Client-Side Penetration Testing

    NotaCon '09 talk on Client-Side attacks

    Takes about 30 seconds for the video to get started.

    # vimeo.com/4731117 Uploaded 2,887 Plays 2 Comments
  2. Full Scope Security

    Attacking Layer 8: Client-Side Penetration Testing

    SOURCE Boston talk on Client-Side attacks

    # vimeo.com/3665163 Uploaded 2,467 Plays 0 Comments
  3. Demo for Attacking Layer 8: Client-Side Penetration Testing

    Opera 9.62 file:// Heap Overflow CVE-2008-5178 Metasploit Fileformat Demo.

    Generate malicious HTML file, get user to open the HTML file locally in Opera, enjoy userland shell.

    # vimeo.com/2900900 Uploaded 312 Plays 0 Comments
  4. Demo for Attacking Layer 8: Client-Side Penetration Testing

    CA eTrust PestPatrol ActiveX Stack Overflow Metasploit Fileformat Demo.

    1st try: we try the eTrust ActiveX exploit against a host that doesn't have the control installed, and we see that all we do is crash the browser :-(

    2nd try: we use the CAB install version of the exploit to actually serve up the control to the victim. Once they enable the ActiveX control, it is downloaded and installed, and we exploit the victim and get our userland shell.

    # vimeo.com/3011304 Uploaded 231 Plays 0 Comments
  5. Demo for Attacking Layer 8: Client-Side Penetration Testing

    Metasploit MSFpayload VBA into Microsoft Word Document Fileformat Demo.

    We use msfpayload to generate our payload in VBScript. Insert our code as a macro in a Word document. Use SE to get the user to enable macros and enjoy the shell even after the Word document has been closed.

    # vimeo.com/3358923 Uploaded 990 Plays 2 Comments

FullScopeSecurity

FullScopeSecurity Hack Videos and Demos
