Stegospolit - Exploit Delivery With Steganography and Polyglots
by Saumil Shah
"A good exploit is one that is delivered with style."
Stegosploit creates a new way to encode "drive-by" browser exploits and deliver them through image files. These payloads are undetectable using current means. This talk discusses two broad underlying techniques used for image based exploit delivery - Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant image file is fused with HTML and Javascript decoder code, turning it into an HTML+Image polyglot. The polyglot looks and feels like an image, but is decoded and triggered in a victim's browser when loaded. The Stegosploit Toolkit v0.3, to be released with improvements upon existing v0.2, contains the tools necessary to test image based exploit delivery.
Видео Stegospolit - Exploit Delivery With Steganography and Polyglots канала Black Hat
"A good exploit is one that is delivered with style."
Stegosploit creates a new way to encode "drive-by" browser exploits and deliver them through image files. These payloads are undetectable using current means. This talk discusses two broad underlying techniques used for image based exploit delivery - Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant image file is fused with HTML and Javascript decoder code, turning it into an HTML+Image polyglot. The polyglot looks and feels like an image, but is decoded and triggered in a victim's browser when loaded. The Stegosploit Toolkit v0.3, to be released with improvements upon existing v0.2, contains the tools necessary to test image based exploit delivery.
Видео Stegospolit - Exploit Delivery With Steganography and Polyglots канала Black Hat
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Most Ransomware Isn't As Complex As You Might ThinkWebAuthn from W3C and FIDO Alliance - What You Need To KnowSteganography Primer - Daily Security ByteA Secret Message in an Image: SteganographyDefcon 21 - How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian HackersSteganography - security trick or dangerous risk?Practical Web Cache Poisoning: Redefining 'Unexploitable'DEF CON 25 - Roger Dingledine - Next Generation Tor Onion ServicesHow to verify viral social media videosWhy Photoshop’s Sharpen Filter DOESN'T Actually SHARPEN Your ImagesGOD MODE UNLOCKED - Hardware Backdoors in x86 CPUsHide Payloads for MacOS Inside Photo Metadata [Tutorial]Face X ray for More General Face Forgery DetectionNew Era in Telecom Hacking by Ali Abdollahi at BSides Toronto 2020How hackers hide malicious payload on QR Code using LinuxAdvanced NMap Techniques - Hak5 2415TEDxBinghamtonUniversity - Scott Craver - Steganography: Hiding in Plain SightSteganography (1/2) BsidesCT CTF 2018DEF CON 24 - Malware Command and Control Channels - A journey into darkness