Same Origin Method Execution - Exploiting a Callback for Same Origin Policy Bypass
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the powerful "Same Origin Method Execution" (SOME) technique in this Black Hat conference talk. Discover how SOME exploits JSONP to bypass Same Origin Policy restrictions, allowing attackers to perform unlimited unintended actions on websites. Learn the differences between SOME and click-jacking, understanding why SOME is not confined by UI, browser type, HTTP headers, or specific webpages. Examine how JSONP creates vulnerabilities across entire domains, even in highly protected environments. Gain insights into the severe potential damage of SOME attacks, which can occur without user interaction. Dive into an introduction, objectives, Same Origin Policy explanation, JSON and JSONP concepts, callback mechanisms, practical examples, and a live demonstration. Conclude with a discussion on protections and solutions to mitigate SOME vulnerabilities.
Syllabus
Introduction
Objectives
Same Origin Policy
What is JSON
JSON with Padding (JSONP)
Callback
What else can you do
Example
Demo
Protections
Solutions
Taught by
Black Hat