Name: Stegosploit - Drive-by Browser Exploits using only Images
Start: 2015-09-09T18:45:00+0100
End: 2015-09-09T19:44:00+0100

Back To Schedule

Stegosploit - Drive-by Browser Exploits using only Images

"A good exploit is one that is delivered with style".

Stegosploit creates a new way to encode "drive-by" browser exploits and deliver them through image files. These payloads are undetectable using current means. This paper discusses two broad underlying techniques used for image based exploit delivery - Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant image file is fused with HTML and Javascript decoder code, turning it into an HTML+Image polyglot. The polyglot looks and feels like an image, but is decoded and triggered in a victim's browser when loaded.

Speakers

Saumil Shah

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like 44CON, Blackhat, RSA, CanSecWest... Read More →

Wednesday September 9, 2015 18:45 - 19:44 BST
Track 1

Track 1 Talk

44CON LONDON 2015

Saumil Shah

Attendees (0)

44CON LONDON 2015

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Saumil Shah

Attendees (0)