YoVDO

Bypassing Browser Security Policies for Fun and Profit

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Content Security Policy Courses Same-Origin Policy Courses Vulnerability Research Courses

Course Description

Overview

Explore a comprehensive analysis of mobile browser security vulnerabilities in this Black Hat conference talk. Delve into the world of bypassing core security policies like Same Origin Policy and Content Security Policy in mobile browsers. Discover various security flaws including Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, and Mixed Content Bypass found in Android browsers. Learn about the testing methodology used to uncover Android zero-day vulnerabilities and examine real-world examples of security weaknesses in popular Android third-party web browsers and Android WebView. Gain insights into the root causes of these bugs, their exploitation techniques, and potential patches. Conclude with a demonstration of a sample test suite for assessing basic security properties of mobile web browsers.

Syllabus

Intro
Agenda
Testing methodology & References
Introduction Same Origin Policy
SOP Bypasses For Android Browsers
SOP Bypass 1 - CVE 2014-6041 (POC)
SOP Bypass 2 - POC
Google Play's Web Remote Installation Feature
Introduction: Cross Scheme Data Exposure
CSDE Vulnerability Android Stock Browser
Cross Scheme Data Exposure Attack Plan
Android Gingerbread CSDE (POC)
Android Jellybean CSDE (POC)
CSP And Mobile Browsers
Problem with Mobile Browsers And CSP
Android Patch Management issues
How Apple Panch management Works? (Will's Graphs)
How Everything else works
Blackhat Sound Bytes


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube