Browser exploitation can seem to be a nearly unachievable task these days. ASLR, DEP, segregated processes and sandboxes have proven to be effective in abating exploits by attackers. Our expectation of browser security is so high, that in addition to bug bounty programs, competitions such as Pwn2Own and Pwnium have been formed around the core concept of weeding out dangerous bugs.
But even with all the current protections, there is still attack surface not being exploited. We are, of course, talking about Chrome Extensions security bugs. These bugs can lead to extremely powerful attacks, which can effectively allow an attacker to take over your browser. In our workshop, we will demonstrate the power given to an attacker in a presence of a vulnerable extension, and present a tool which will assist in their practical exploitation.
Kyle Osborn is a penetration tester at AppSec Consulting, where he specializes in web application security, network penetration, and physical assessments. He plays a bad guy at the Western Regional Collegiate Cyber Defense Competition. Osborn has developed a CTF, with his team, for the United States Cyber Challenge ÒCyber CampsÓ, where a number of campers competed in. Osborn has previously discussed browser and mobile security at prominent conferences such as BlackHat USA, DefCon, Toorcon, DerbyCon, and TakeDownCon.
Krzysztof Kotowicz is a Web security researcher specialized in the discovery and exploitation of HTML5 vulnerabilities. He is the author of multiple recognized HTML5/UI redressing attack vectors. Speaker at international IT security conferences & meetings (SecurityByte, HackPra, Hack In Paris, CONFidence). Works as IT security consultant with SecuRing and IT security trainer with Niebezpiecznik.pl. Author of the "Hacking HTML5" training program. Takes part in multiple Security Bug Bounty programs (Google Security Bug Bounty, Facebook White Hat, Piwik Security Bug Bounty).