YoVDO

Exploit Delivery With Steganography and Polyglots

Offered By: Black Hat via YouTube

Course Description

Overview

Explore an innovative technique for delivering browser exploits through image files using steganography and polyglots in this Black Hat conference talk. Delve into the Stegosploit Toolkit v0.3, which encodes drive-by exploits into JPG and PNG images, creating undetectable payloads. Learn about the fusion of HTML and JavaScript decoder code with image files to create HTML+Image polyglots that appear as normal images but execute malicious code when loaded in a victim's browser. Discover the intricacies of image encoding, JPEG and PNG file structures, HTML5 Canvas, and various delivery methods. Witness live demonstrations of successful exploit deliveries and discuss the implications for content sniffing, data forensics, and browser security. Gain insights into the challenges this technique poses for current detection methods and the need for improved browser security measures.

Syllabus

Intro
Exploit
Tools
How Images Work
Images in Layers
Image Layers
Composite Layers
JPEG
Encoding
Decoder Code
HTML5 Canvas
Decoder
Images
Polyglots
JPEG markers
JPEG files
Compression
HTML Code
JavaScript
Testing
HTML Template
Decoder Script
New JPEG
JPEG Result
Preview App
JJ Encoding
Delivery
Close Browser
Load Image
Open Image
Meterpreter
Privilege Escalation
Authority System
Give or Take
PNG
CC
PNG demo
Bit layer 0
Green Channel
Exploit Bit
Calculator
Browser
Demo
Demo Success
Exploit Delivery
Content Sniffing
Data Forensics
Detection
Where to get it raw
Conclusions
The Challenge
Browsers need to wake up
Questions Answers


Taught by

Black Hat
