Both BlackHat and DefCon added very popular MetaSploit tracks this year, many of which were attended by Priveon. One of the talks in those tracks, given by James Lee (aka Egypt), was titled "Using guided missiles in drive-bys: automating browser fingerprinting and exploitation with the MetaSploit Framework."
The talk focused on the problems with sending every available exploit for a specific browser: this often results in a browser crash rather than a successful exploit. The MetaSploit answer is a "guided missile" approach, sending only the exploits that are likely to succeed against the browser actually in front of you. This minimizes the chance of a browser crash and maximizes the chance of successful exploitation.
One of the primary differences between Egypt's approach and others is in client (browser) fingerprinting. Traditionally, this has been accomplished by reading the User-Agent string in the HTTP request header. Problems with this approach include proxies rewriting the header and the ease with which the client can spoof it. Egypt's approach was instead to probe for specific JavaScript objects that exist only in specific browsers. Since the header is never consulted, spoofing it has no effect, and faking the browser becomes considerably more difficult.
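The following is an added example (not code from the original post, and not the MetaSploit project's own fingerprinting code) that shows why a User-Agent header is weak evidence: it compares what the header claims against what the JavaScript environment actually exposes. The feature markers and the window-like objects are assumptions constructed for illustration (the object names are historically associated with those browser families, but real browsers add and drop them across versions, so a maintained check would need current data). A defender can use the same disagreement, claimed versus observed, as a signal that a client or an intermediate proxy is not what the header says.

```javascript
'use strict';

// Illustrative feature markers, assumed for this example. Each browser family
// lists objects expected to be present and objects whose presence contradicts it.
const FEATURE_SIGNATURES = {
  ie:      { present: ['ActiveXObject', 'document.all'], absent: ['opera', 'chrome'] },
  firefox: { present: ['InstallTrigger'],               absent: ['chrome', 'opera'] },
  chrome:  { present: ['chrome'],                        absent: ['InstallTrigger', 'opera'] },
  opera:   { present: ['opera'],                         absent: ['chrome', 'ActiveXObject'] },
};

// Resolve a dotted path such as 'document.all' against a window-like object.
function hasPath(root, path) {
  let cur = root;
  for (const part of path.split('.')) {
    if (cur === null || cur === undefined || !(part in Object(cur))) return false;
    cur = cur[part];
  }
  return cur !== undefined;
}

// Classify by what the environment exposes: a family matches only when every
// expected object is present; conflicting objects lower its score.
function classifyByFeatures(win) {
  let best = 'unknown';
  let bestScore = 0;
  for (const [name, sig] of Object.entries(FEATURE_SIGNATURES)) {
    const hits = sig.present.filter((p) => hasPath(win, p)).length;
    const conflicts = sig.absent.filter((p) => hasPath(win, p)).length;
    const score = hits - conflicts;
    if (hits === sig.present.length && score > bestScore) {
      best = name;
      bestScore = score;
    }
  }
  return best;
}

// Minimal User-Agent classifier for the same four families. Order matters:
// Chrome and Opera UAs also contain 'Safari', and old Opera UAs contain 'MSIE'.
function classifyByUserAgent(ua) {
  if (/\bOPR\/|\bOpera\b/.test(ua)) return 'opera';
  if (/\bMSIE\b|\bTrident\//.test(ua)) return 'ie';
  if (/\bFirefox\//.test(ua)) return 'firefox';
  if (/\bChrome\//.test(ua)) return 'chrome';
  return 'unknown';
}

// Compare the header's claim against feature evidence. A mismatch means the
// header was spoofed or rewritten in transit, or the signature data is stale.
function checkConsistency(win, ua) {
  const claimed = classifyByUserAgent(ua);
  const observed = classifyByFeatures(win);
  return { claimed, observed, consistent: claimed === observed };
}

// Constructed window-like objects standing in for real browsers (assumed shapes).
const SAMPLE_IE_WINDOW = { ActiveXObject: function () {}, document: { all: {} } };
const SAMPLE_FIREFOX_WINDOW = { InstallTrigger: {}, document: {} };

// Constructed User-Agent strings in the historical formats of each family.
const IE_UA = 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko';
const FIREFOX_UA = 'Mozilla/5.0 (Windows NT 6.1; rv:3.5) Gecko/20090713 Firefox/3.5';

// Honest client: header and environment agree.
console.log(checkConsistency(SAMPLE_IE_WINDOW, IE_UA));
// Spoofed or proxy-rewritten header: an IE environment claiming to be Firefox.
console.log(checkConsistency(SAMPLE_IE_WINDOW, FIREFOX_UA));
```

In a real page the first argument would be the browser's `window`; here the point is only that the object-based verdict does not change when the header does, which is exactly why header rewriting or spoofing defeats one method and not the other.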
Other MetaSploit features Egypt discussed included support for obfuscation and the quick creation of custom exploits. Understanding these techniques matters both for interpreting real-world attacks and for conducting penetration tests.
©2010 by Priveon, Inc.