Tutorial By ETHz
Preview:
In recent years the Web browser has increasingly become
targeted as an infection vector for vulnerable hosts. Classic
scan for and remotely connect to vulnerable hosts (typically
servers) in order to exploit them. Unlike these, Web browser
vulnerabilities are commonly exploited when the user of the
vulnerable host visits a malicious Web site.
Attacks against Web browsers depend upon malicious con-
tent being rendered by the appropriate built-in interpreter (e.g.,
HTML, JavaScript, CSS, etc.) or vulnerable plug-in technol-
ogy (e.g., Flash, QuickTime, Java, etc.) [1, 2]. Vulnerabilities
lying within these rendering technologies are then exposed to
any exploit techniques or malicious code developed by the at-
tacker. Vulnerability trend reports have indicated that remotely
exploitable vulnerabilities have been increasing since the year
2000 and reached 89.4% of vulnerabilities reported in 2007
[3]. A growing percentage of these remotely exploitable vul-
nerabilities are associated with Web browsers.
Download Link: http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-frei-panel.pdf