A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Kyle Osborne (kos) – The Hidden XSS – Attacking the Desktop Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)

Kyle Osborne (kos) – The Hidden XSS – Attacking the Desktop
Derbycon 2011

Cross Site Scripting is most generally known as a website or browser vulnerability (see “Hacking Google ChromeOS”). But with today’s dynamic desktop environment, it’s not uncommon for desktop application to contain a mishmosh of technologies. Since user friendly interfaces are very important (we have degrees in UI development!), HTML & JavaScript is being utilized as a medium to deliver the function. Fortunately for attackers, this also opens up the same web vulnerabilities that a browser allows. Using popular IM clients (and an operating system!) as examples, we’ll go over how an attacker can own you, desktop and mobile, using an everyday web vulnerability, Cross Site Scripting. Topics include discovering XSS vulnerabilities in applications, writing the exploits, and post exploitation (what can we do??)

Back to Derbycon 2011 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast