Buried by time, dust and BeEF
Thursday, November 21 • 2:00 pm - 2:50 pm
For those who do not listen Mayhem and black metal, the talk title
might seem a bit weird, and I can't blame you.
You know the boundaries of the Same Origin Policy, you know SQL injection and time-delays,
you know BeEF. You also know that when sending cross-domain XHRs you
can still monitor the timing of the response: you might want to infer
on 0 or 1 bits depending if the response was delayed or not.
This means it's possible to exploit every kind of SQL injection,
blind or not blind, through an hooked browser, if you can inject a time-delay
and monitor the response timing.
This works flawlessly in cross-domain situations,
you don't need a 0day or a particular SOP bypass to do this,
and it works in every browser.
The potential of being faster than a normal single-host multi-threaded SQLi
dumper will be explored. Two experiments will be shown: WebWorkers as well
as multiple synched hooked browsers, which split the workload communicating
partial results to a central server.
A pure JavaScript approach will be exlusively presented during this talk,
including live demos. Such approach would work for both internet facing targets as well as
applications available in the intranet of the hooked browser.
The talk will finish discussing the implications of such an approach
in terms of Incident Response and Forensics,
showing evidence of a very small footprint.
Speaker:
Michele Orru
Michele Orru a.k.a. antisnatchor is an IT and ITalian security
guy. Lead core developer of the BeEF project, he mainly focuses his research on
application security and related exploitation techniques.
He is one of the authors of Browser Hacker's Handbook, which will be out
by late 2013 from Wiley.
He is a frequent speaker at hacking conferences, including CONFidence,
DeepSec, Hacktivity, SecurityByte, AthCon, HackPra, Semafor, Just4Meeting,
OWASP AppSec USA, 44Con, EUSecWest, Ruxcon, ZeroNights and more we just
can't disclose.
Besides having a passion for hacking and being a Senior Spider (for
Trustwave SpiderLabs), he enjoys leaving his Mac alone, whilst fishing
on salted water and praying for Kubrick's resurrection.
Michele Orru a.k.a. antisnatchor is an IT and Italian security guy. Lead
core developer of the BeEF project,
he mainly focuses his research on application security and related
exploitation techniques. He is one of the
authors of Browser Hacker's Handbook, which will be available in
March 2014 from Wiley. He is a frequent
speaker at hacking conferences, including CONFidence, DeepSec,
Hacktivity, SecurityByte, AthCon, HackPra,
Semafor, Just4Meeting, OWASP AppSec USA, 44Con, EUSecWest, Ruxcon,
ZeroNights and more we just can't disclose.
Besides having a passion for hacking and being a Senior Spider (for
Trustwave SpiderLabs), he enjoys leaving his Mac alone,
whilst fishing on salted water and praying for Kubrick's resurrection.