#HITB2012AMS D2T2 - Nicolas Gregoire - Attacking XML Preprocessing


Documenting more than a year of research in XML technologies, this talk will detail security implications of the XML format and its processing practices.

Discussed targets range from browsers to enterprise-level security solutions and web-service back-ends. Several key technologies will be addressed: XML grammar (a.k.a. DTD), homoiconicity and self-contained dynamic SVG images, design and implementation vulnerabilities in XSLT and XPath engines, in-memory exploitation of Java-based XSLT engines, XML databases and more. PoC code has been, and will continue to be, systematically released for every (patched) vulnerability.

The goal of this presentation is to document and publicize state of the art attacks including:

- Data obfuscation in XML containers (Adobe, VLC, ...)
- DTD manipulation used to read (possibly binary) files, steal hashes or generate XSS
- Dangerous extensions in newly studied XSLT and XQuery engines (Adobe, Oracle, XT, 4Suite, ...)
- Grammar and mutation-based fuzzing of XPath and XSLT engines
- Bizarre combination of grammar, data, code and markup in a single XML file
- How to trigger XSLT code in security protocols (SAML, WS-Security, ...)
- Advanced in-memory exploitation of Java-based XSLT engines

ABOUT NICOLAS GREGOIRE

Nicolas Grégoire has worked in information security for more than ten years. After initially working at a start-up, he spent four years doing full-time pen-testing as a consultant. Afterwards, he moved to the Luberon region and became an internal security auditor for one of the largest French PKIs.

In early 2011, he left this job to create Agarri, a small company dedicated to the offensive side of information security: pen-testing, white-, gray- and black-box audits, code review, vulnerability research, training, etc. Since then, he has published several vulnerabilities in well-known, high-profile products such as WebKit, PHP, DotNetNuke, VMware ESX, Excel and HP SAN appliances. His current research focus is XML technologies at large.