Attacking Interoperability presented at HITBSecConf Malaysia 2009

by Mark Dowd,

Tags: Security Exploitation Browser

Summary : Attacking InteroperabilityPresentation AbstractInteractive content has become increasingly powerful and more flexible over the last few years, with major functionality additions appearing in several web-based technologies such as Javascript, .NET, and via browser plugins. These functionality changes coupled with increasingly complex cross-communication layers has created a nuanced and precarious trust layer between many different previously unrelated components.This presentation attempts to address the issue of trust in the context of active content, and how it is is more complicated than it might first appear. We will demonstrate the exploitation of these trust relationships at different levels of applications, from subverting architectural security controls to memory corruption vulnerabilities that lead to arbitrary execution.About Mark DowdTBC** Note: Presenting with Ryan Smith (ISS)