Attacking ECMAScript Engines With Redefinition

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=6b7hXklOmvk


Duration: 25:08
1 views
0

The dynamic nature of ECMAScript allows for functions and properties to be redefined in a variety of ways - even functions that are vital for internal functionality of the ECMAScript engine. This presentation explores the problems that can arise from ECMAScript redefinition. It goes through the various ways that functions and properties can be redefined in different ECMAScript implementations and describes several vulnerabilities we found as a result of these methods. It also provides some strategies for finding these types of security issues in other targets.

Presentation White Paper

PRESENTED BY
Natalie Silvanovich

Black Hat - USA - 2015 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-04Social Engineering The Windows Kernel Finding & Exploiting Token Handling Vulnerabilities
2022-01-04Most Ransomware Isn t As Complex As You Might Think
2022-01-03Switches Get Stitches
2022-01-03Repurposing OnionDuke A Single Case Study Around Reusing Nation State Malware
2022-01-03Assessing And Exploiting BigNum Vulnerabilities
2022-01-03Bypass Control Flow Guard Comprehensively
2022-01-03Dom Flow Untangling The DOM For More Easy Juicy Bugs
2022-01-03How Vulnerable Are We To Scams
2022-01-03Bypass Surgery Abusing Content Delivery Networks With Ser Side Request Forgery
2022-01-03Information Access And Information Sharing Where We Are And Where We Are Going
2022-01-03Attacking ECMAScript Engines With Redefinition
2022-01-03Certifi gate Front Door Access To Pwning Millions Of Androids
2022-01-03Emanate Like A Boss Generalized Covert Data Exfiltration With Funtenna
2022-01-03Attacking Hypervisors Using Firmware And Hardware
2022-01-03Cloning 3G4G SIM Cards With A PC And An Oscilloscope Lessons Learned
2022-01-03Internet Facing PLCs A New Back Orifice
2022-01-03Exploiting Out of Order Execution For Covert Cross VM Communication
2022-01-03Commercial Mobile Spyware Detecting The Undetectable
2022-01-03Internet Plumbing Gor Security Professionals The State Of BGP Security
2022-01-03Automated Human Vulnerability Scanning With AVA
2022-01-03Exploiting The DRAM Rowhammer Bug To Gain Kernel Privileges


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
information
online
password
code
web
concept
thief
network
scam
fraud
malware
secure
criminal
phishing
software
access
safety
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Natalie Silvanovich
attacking
ECMAScript
engines