A New Web Attack Vector: Script Fragmentation presented at BruCON 2009

by Stephan Chenette (WebSense ),

Tags: Web Exploitation Risk

URL : http://2009.brucon.org/articles/s/p/e/Speakers.html#Stephan_Chenette

Summary : This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content.

This involves distributing web exploits in a asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, This attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit.

Our presentation will discuss this attack vector used to evade both gateway and client side detection. We will show several proof of concepts containing common readily available web exploits.

Stephan Chenette: Stephan Chenette is a Senior Security Researcher for Websense Security Labs working on malcode detection techniques. Mr. Chenette specializes in research tools ranging from kernel-land sandboxes, to static analysis scanners. He has released public analyses on various vulnerabilities and malware. Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.