Kos Security: A blog about security.

The Hidden XSS Attacking the Desktop & Mobile Platforms – Slides & Video

A few weeks ago (October 2nd) I was in Louisville, Kentucky, giving a talk at Derbycon. I also gave the same talk in San Diego (October 9th) at Toorcon 13. It’s a much expanded version of a talk I did back in June at Toorcon Seattle, “XSS Without the Browser”.

Slides are below, and video is after the break. The slides are a bit different than the video. I modified, reordered, and added a few slides, and also included a new Google application vulnerability.



The code is currently available at: http://kos.io/xsspwn/

A few notes I want to add about this video:

Comments (10)

[...] today’s TakeDownCon security conference in Las Vegas, researcher Kyle Osborn will present some examples of cross-site scripting attacks that he and colleagues have discovered [...]


[...] A version of Osborn's talk is available online. [...]

[...] also made an interesting discovery in the Gmail application for Android. He found an XSS flaw in Gmail.app that would allow a hacker to forcefully download a certain file and then [...]



[...] sandbox side step via owning extensions | HOW TO: Spy on the Webcams of Your Website Visitors | Hidden XSS Attacking the Desktop & Mobile Platforms | How To Own Every User On A Social Networking Site | How to get SQL query contents from SQL injection [...]

[...] Hidden XSS Attacking the Desktop & Mobile Platforms [...]

