Secure Browser Plugins

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=QVJu3eeTLPc


Duration: 58:12
4 views
0

Native Client is Google's attempt at bringing millions of lines of existing C/C++ code to the Chrome web browser in a secure sandbox through a combination of software fault isolation, a custom compiler toolchain and a secure plugin architecture. Sound challenging? It is! Native Client isn't a typical browser extension and it certainly isn't ActiveX. Native Client allows for all sorts of applications to run inside in your browser, everything from games to PDF readers. In this talk I will cover the basics of the Native Client sandbox and general security relevant architecture including PPAPI (the replacement for NPAPI), vulnerabilities I discovered via source review in the PPAPI interface and finally a tool that dynamically generates code to fuzz the Native Client PPAPI interfaces based on the IDL (Interface Description Language) files found in the Chrome source tree.
Presented By:
Chris Rohlf

Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-31Denying Service to DDoS Protection Services
2021-12-31Java Every Days Exploiting Software Running on Three Billion Devices
2021-12-31Maltego Tungsten As a Collaborative Attack Platform
2021-12-31Big Data for Web Application Security
2021-12-31Detecting Vulnerabilities in Virtual Devices with Conformance Testing
2021-12-31BinaryPig Scalable Malware Analytics in Hadoop
2021-12-31Javascript Static Security Analysis Made Easy with JSPrime
2021-12-31Just In Time Code Reuse The More Things Change, the More They Stay the Same
2021-12-31Hacking for Fun & Profit
2021-12-31Web Exploit Toolkits
2021-12-31Secure Browser Plugins
2021-12-31Bouncer Land
2021-12-31Trust, Security and Society Presented By Bruce Schneier
2021-12-31Ghost in the Air Traffic
2021-12-31Random Number Generator in PHP
2021-12-31BlackOps
2021-12-31We have you by the Gadgets
2021-12-31Torturing OpenSSL
2021-12-31Probing The Mobile Operating Networks
2021-12-31Find Me in your Database
2021-12-31Digging Deep into the Flash Sandboxes


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
identity
criminal
phishing
software
access
theft
system
firewall
communication
business
privacy
binary
account
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Chris Rohlf