Loading…
44CON LONDON 2015 has ended
View analytic
Wednesday, September 9 • 18:45 - 19:44
Stegosploit - Drive-by Browser Exploits using only Images

Sign up or log in to save this to your schedule and see who's attending!

"A good exploit is one that is delivered with style".

Stegosploit creates a new way to encode "drive-by" browser exploits and deliver them through image files. These payloads are undetectable using current means. This paper discusses two broad underlying techniques used for image based exploit delivery - Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant image file is fused with HTML and Javascript decoder code, turning it into an HTML+Image polyglot. The polyglot looks and feels like an image, but is decoded and triggered in a victim's browser when loaded.

Speakers
avatar for Saumil Shah

Saumil Shah

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like 44CON, Blackhat, RSA, CanSecWest... Read More →


Wednesday September 9, 2015 18:45 - 19:44
Track 1

Attendees (0)