Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

PRESENTATION MATERIALS

PHOTOS / VIDEOS

Official conference photos and HD videos will be made available in the next 2-3 weeks. Please follow @hitbsecconf on Twitter for links or join our Facebook Group

Roberto Suggi Liverani & Scott Bell (Principal Security Consultants, Security-Asessment.com)

PRESENTATION TITLE: Window Shopping: Browser Bug Hunting in 2012

PRESENTATION ABSTRACT:

Web browsers have become part of everyday life, and are relied upon by millions of internet citizens each day. The feature rich online world has turned the once simple web browser into a highly complex (and very often insecure) desktop application.

As browser vendors have extended functionality and support to new technologies, security researchers and hackers are continuously looking for new vulnerabilities. In this talk, Roberto and Scott will share results of their assiduous browser bug hunting. The talk will examine techniques used to discover critical and less severe vulnerabilities in some of the most popular browsers on the market.

This talk will focus heavily (but not exclusively) on the following areas:

- Memory corruption bugs;
– New approaches to DOM fuzzing;
– Old school techniques against new browser technology;
– Cross Context Scripting and injection attacks;
– SOP Bypass;

The presentation will conclude with a montage of on-stage demonstrations of previously unreleased vulnerabilities, including remote code execution, injections and other tailored browser exploits.

ABOUT ROBERTO SUGGI LIVERANI

Roberto Suggi Liverani focuses on intrusion testing and new methods of exploitation. Roberto has worked with companies such as Google, Adobe, Oracle, Mozilla and Opera by reporting and helping to fix security vulnerabilities in their products. Roberto has been a guest speaker at global security conferences, including EUSecWest, Ruxcon, Kiwicon and DEFCON. Roberto tweets from @malerisch and his blog can be found at: http://blog.malerisch.net

ABOUT SCOTT BELL

Scott Bell is a Principal Security Consultant at Security-Asessment.com. Scott specialises in web application security and is co-leader of the OWASP New Zealand Chapter. As a side interest, Scott enjoys fuzzing, finding bugs and dabbling in exploit development. Scott also holds a Ph.D in reverse-shellology.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

 

SPECIAL OPS 1  - WIRELESS SECURITY KUNGF00

SPECIAL OPS 2  – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE



2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1  – HUNTING WEB ATTACKERS

TECH TRAINING 2  – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3  - ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

 

 



3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4  – THE EXPLOIT LABORATORY: ADVANCED EDITION




QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS



EVENT ORGANIZER

LOCAL PARTNER

PLATINUM SPONSORS

GOLD SPONSORS

TITANIUM SPONSOR (POST CONFERENCE RECEPTION + SPEAKER RECEPTION)

SILVER SPONSOR

HACKWEEKDAY SPONSOR

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HITB LAB / SIGINT SPONSOR

NETWORK SPONSORS AND UPLINK

ADDITIONAL SUPPORT BY

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2012 Hack In The Box | http://www.hackinthebox.org

( / 10 )