A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Exploiting Browsers Like A Boss w/ WhiteLightning! - Bryce Kunz Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Exploiting Browsers Like A Boss w/ WhiteLightning!
Bryce Kunz
Derbycon 2014

Have you ever performed a spear-phishing attack where you failed to gain access to your target even though you know your target was exploitable to an old browser exploit? Selecting the wrong browser exploit or the wrong callback port for your payload can make for a very sad panda. Well cry no more sad panda- because WhiteLightning solves your exploitation problems! WhiteLightning is a browser exploitation framework that stealthily detects accurate versioning information from an endpoint’s browser and intelligently selects the best browser exploits to gain access to the remote endpoint. WhiteLightning directly interfaces with Metasploit via MSGRPC to accurately start exploits- payloads- and handlers in real-time. Ready for the best part? Using some slick trickery I will show you how to use WhiteLightning and Metasploit together to exploit endpoint browsers all over a single TCP port using valid HTTP requests! Say goodbye to blocked callbacks and unreliable browser exploitation because we’re about to 0wn some targets with WhiteLightning!!!

Back to Derbycon 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast