Friendly Traitor 2 Features Are Hot But Giving Up Our Secrets Is Not! presented at OWASP Appsec 2010

by Mike Poor (InGuardians), Kevin Johnson (SecurIdeas),

Tags: Security Exploitation

URL :!

Summary : In Friendly Traitor 2, Kevin Johnson and Mike Poor continue to explore the risks and threats exposed by the features that we keep demanding from developers. Our software clients are becoming more complex, and attackers have smelled the blood in the water and are attacking them in droves.

Kevin and Mike will begin by explaining some of the new features of HTML5 and JavaScript that are being rolled out, and subsequently exploited. The presentation then delves into the latest in Adobe Flash exploitation fun and finishes strong with presenting their latest research in mobile phone "feature" exploitation.

Throughout the talk, Mike and Kevin will be releasing exploit code and tools that target these features. They will also be releasing their latest additions to Wadfe Alcorn's BeEF exploit tool developed in order to exploit these technologies.

Mike Poor: Mike Poor Mike Poor is a founder and Senior Security Analyst with InGuardians. Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus however is in intrusion detection, response, and mitigation. Mike is an author and editor of the international best seller “Snort 2.1” book from Syngress, and is a Handler for the Internet Storm Center. Mike teaches Intrusion Detection for the SANS Institute and has supported Intrusion Detection and Incident Response teams for the military, and has worked for Sourcefire as a research engineer, and for the SANS Institute leading their Intrusion Analysis Team.]]