Difference between revisions of "Training Offensive"
From BruCON 2016
(→Offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich) |
(→Offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich) |
||
Line 1: | Line 1: | ||
=Offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich= | =Offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich= | ||
+ | (or How to make sure your Pentest Report is never empty) | ||
+ | |||
+ | ===Course Description=== | ||
+ | This workshop was formerly held in closed environments for government | ||
+ | contractors, companies and other organizations and is now available on | ||
+ | conferences and alike. This comprehensive hands-on no-bullshit guide | ||
+ | through the crazy world of HTML and its satellite technologies will | ||
+ | give a very detailed overview on the current attack landscape. | ||
+ | |||
+ | * Did you know that CSS3 can function as XSS filter and steal session tokens? | ||
+ | |||
+ | * Did you know that copy & paste from an Office-Document is completely unsafe? | ||
+ | |||
+ | * Did you know that you have a SOP violation whenever you can control the fist byte of a HTML document? | ||
+ | |||
+ | The focus of this workshop will be on the offensive parts of HTML, the | ||
+ | nasty and undocumented stuff, dozens of new attack techniques straight | ||
+ | from the laboratory of horrors of those maintaining the HTML5 Security | ||
+ | Cheatsheet... and will even cover the defence parts necessary to | ||
+ | protect one's fine web-applications. | ||
+ | |||
+ | We'll learn how to attack any web-application with either legacy | ||
+ | madness - or the half-baked results coming to your browser from the | ||
+ | meth-labs of W3C and WHATWG without you even knowing it. Whether you | ||
+ | want to attack classic web-apps or shine Chrome Packaged Apps - you'll | ||
+ | not be disappointed. Whoever likes crazy HTML, CSS and JavaScript | ||
+ | will enjoy and benefit from this workshop. A bit of knowledge on | ||
+ | either of those is required, rocket scientists and adepts will be | ||
+ | satisfied equally. | ||
+ | |||
<!--In the professional information security world, there has yet to be a course which provides the | <!--In the professional information security world, there has yet to be a course which provides the | ||
students the knowledge and skills to carry out a real world attack. Traditional penetration | students the knowledge and skills to carry out a real world attack. Traditional penetration |
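Review bot: The added bullet about the SOP violation contains a typo: "the fist byte of a HTML document" should read "the first byte of an HTML document". In the same added block, "shine Chrome Packaged Apps" looks like a slip for "shiny", "can function as XSS filter" is missing its article, and "available on conferences and alike" would read better as "available at conferences and the like". Since this text is rendered directly as the course description, fix these in a follow-up revision.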
Revision as of 06:54, 10 December 2013
Offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich
(or How to make sure your Pentest Report is never empty)
Course Description
This workshop was formerly held in closed environments for government contractors, companies and other organizations and is now available at conferences and the like. This comprehensive hands-on no-bullshit guide through the crazy world of HTML and its satellite technologies will give a very detailed overview of the current attack landscape.
- Did you know that CSS3 can function as an XSS filter and steal session tokens?
- Did you know that copy & paste from an Office-Document is completely unsafe?
- Did you know that you have a SOP violation whenever you can control the first byte of an HTML document?
The focus of this workshop will be on the offensive parts of HTML, the nasty and undocumented stuff, dozens of new attack techniques straight from the laboratory of horrors of those maintaining the HTML5 Security Cheatsheet... and will even cover the defence parts necessary to protect one's fine web-applications.
We'll learn how to attack any web-application with either legacy madness - or the half-baked results coming to your browser from the meth-labs of W3C and WHATWG without you even knowing it. Whether you want to attack classic web-apps or shiny Chrome Packaged Apps - you'll not be disappointed. Whoever likes crazy HTML, CSS and JavaScript will enjoy and benefit from this workshop. A bit of knowledge of any of those is required; rocket scientists and adepts will be satisfied equally.
23 - 25 April (09:00 - 17:00)