[PDF] HEIST: HTTP Encrypted Information can be Stolen through TCP-windows
HTTP! Encrypted! Information can be! Stolen through! TCP-windows by! Mathy Vanhoef & Tom Van Goethem HEIST Agenda • Technical background! • Same-Origin Policy! • Compression-based attacks! • SSL/TLS & TCP! • Nitty gritty HEIST details! • Demo! • Countermeasures 2 HEIST Same-Origin Policy 3 Mr. Sniffles https://bunnehbank.com GET /vault HEIST Same-Origin Policy 3 Mr. Sniffles https://bunnehbank.com
SVG - Exploiting Browsers without Image Parsing Bugs
SVG Exploiting Browsers without Image Parsing Bugs Rennie deGraaf iSEC Partners 07 August 2014 Rennie deGraaf (iSEC Partners) SVG Security BH USA 2014 1 / 55 Outline 1 A brief introduction to SVG What is SVG? Using SVG with HTML SVG features 2 Attacking SVG Attack surface Security model Security model violations 3 Content Security Policy A brief introduction CSP Violations 4 Conclusion Rennie deGr
BHDC2010
Black Hat DC 2010 | Jorge Luis Alvarez Medina 1 Internet Explorer turns your personal computer into a public File Server Jorge Luis Alvarez Medina | CORE Security Technologies | February 2010 Black Hat DC 2010 | Jorge Luis Alvarez Medina 2 Outline • Attack results • Internet Explorer internals: a review • Features (vulnerabilities) enumeration • Turning the features into vulnerabilities to build a
Black Hat Japan 2008:ブラックハットジャパン2008
-Keynote- Black Ops of DNS 2008 : Its The End Of The Cache As We Know It -基調講演- DNS 2008版 Black Ops. 今までのDNSキャッシュじゃ通じない! by Dan Kaminsky (ダン・カミンスキー) Presentation Slides New reverse engineering technique using API hooking and sysenter hooking, and capturing of cash card access APIフックとsysenterフックを利用した新しい解析テクニックと、キャッシュカードアクセスのキャプチャリング by Kenji Aiko Presentation Slides (ENGLISH) Presentation Slides (J
Black Hat Japan 2008:ブラックハットジャパン2008
In English Oct9(THU): 9:50-17:30 Oct10(FRI): 8:30-15:00 In Japanese 10月9日(木):9:50-17:30 10月10日(金):8:30-15:00 There will be 2 tracks, over 2 days comprised of renowned information and computer security professionals. Call For Papers is opened by September 1. Simultaneous interpretation is available between English and Japanese. Speaker Table which directly can talk to the speaker with Japanese/ Eng
Black Hat Japan 2008:ブラックハットジャパン2008
Feedback forms will be available at the show. Let us know who was hot, who was not and get a chance to win admission to a future Briefings of your choice. フィードバック用紙が会場にございますので、どのスピーカが良かったか等、今後のブリーフィングス向上のためにお知らせいただけると幸いです。二日目の閉会挨拶時に厳正な抽選をし、選ばれた方には今後開催されるお好きなブラックハットへの無料招待券をプレゼントします。 各スピーカとは休憩時間に通訳つきで直接話せます。ブラックハットジャパンだけの特色です。 -Keynote- Black Ops of DNS 2008 : Its The End Of The Cache As We Know It
Black Hat Call for Papers Submission FAQ
FAQ Q: Who is allowed to submit presentations? A: Original authors of presentations may submit presentations for consideration. Third party representatives such as PR firms or Speaker Representatives MAY NOT submit materials on behalf of a potential speaker. Q: Why aren't Third Parties such as PR Firms allowed to submit presentations? A: Due to potential copyright and intellectual property liabili
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
[PDF] Crippling HTTPS with unholy PAC
[PDF] HEIST: HTTP Encrypted Information can be Stolen through TCP-windows
[PDF] HTTP Cookie Hijacking in the Wild: Security and Privacy Implications
[PDF] HTTP Cookie Hijacking in the Wild: Security and Privacy Implications
[PDF]SAME ORIGIN METHOD EXECUTION
[PDF] Revisiting XSS Sanitization (slide)
[PDF] Revisiting XSS Sanitization (paper)
Abusing_insecure_features_of_Internet_Explorer
[PDF] Our Favorite XSS Filters and how to Attack Them
https://www.blackhat.com/presentations/bh-usa-09/WEBER/BHUSA09-Weber-UnicodeSecurityPreview-PAPER.pdf
Exploiting Unicode-enabled software
Attacking with Character Encoding for Profit and Fun
http://www.blackhat.com/html/bh-japan-08/bh-japan-08-speakers.html