Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013

•Als PPTX, PDF herunterladen•

5 gefällt mir•10,299 views

A Glimpse through V4 of OWASP Xenotix XSS Exploit Framework

•
•
•
•

START

Xenotix HTTP Web Shell
Proxy
Web Server
ATTACKER
VICTIM
GET http://facebook.com
Serve the
JavaScript
File
Facebook.com HTML page contents
FB’s
Server

SO....
Never Under Estimate
the Power of XSS

ajinabrahamofficial
ajinabrahamofficial
ajinabraham
ajinabraham
ajin.abraham@owasp.org

Empfohlen

Website Research

Website Research

Website ResearchMattCheetham

Node JS reverse shell

Node JS reverse shell

Node JS reverse shellMadhu Akula

How to find Zero day vulnerabilities

How to find Zero day vulnerabilities

How to find Zero day vulnerabilitiesMohammed A. Imran

Zero-Day Vulnerability and Heuristic Analysis

Zero-Day Vulnerability and Heuristic Analysis

Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa

Xenotix XSS Exploit Framework: Clubhack 2012

Xenotix XSS Exploit Framework: Clubhack 2012

Xenotix XSS Exploit Framework: Clubhack 2012 Ajin Abraham

Null Singapore 2015 accomplishments

Null Singapore 2015 accomplishments

Null Singapore 2015 accomplishmentsMohammed A. Imran

OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013

OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013

OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013Ajin Abraham

A2 - broken authentication and session management(OWASP thailand chapter Apri...

A2 - broken authentication and session management(OWASP thailand chapter Apri...

A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew

Empfohlen

Website Research

Website Research

Website ResearchMattCheetham

Node JS reverse shell

Node JS reverse shell

Node JS reverse shellMadhu Akula

How to find Zero day vulnerabilities

How to find Zero day vulnerabilities

How to find Zero day vulnerabilitiesMohammed A. Imran

Zero-Day Vulnerability and Heuristic Analysis

Zero-Day Vulnerability and Heuristic Analysis

Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa

Xenotix XSS Exploit Framework: Clubhack 2012

Xenotix XSS Exploit Framework: Clubhack 2012

Xenotix XSS Exploit Framework: Clubhack 2012 Ajin Abraham

Null Singapore 2015 accomplishments

Null Singapore 2015 accomplishments

Null Singapore 2015 accomplishmentsMohammed A. Imran

OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013

OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013

OWASP Xenotix XSS Exploit Framework v3 : Nullcon Goa 2013Ajin Abraham

A2 - broken authentication and session management(OWASP thailand chapter Apri...

A2 - broken authentication and session management(OWASP thailand chapter Apri...

A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew

Injecting Security into Web apps at Runtime Whitepaper

Injecting Security into Web apps at Runtime Whitepaper

Injecting Security into Web apps at Runtime WhitepaperAjin Abraham

Injecting Security into vulnerable web apps at Runtime

Injecting Security into vulnerable web apps at Runtime

Injecting Security into vulnerable web apps at RuntimeAjin Abraham

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Ajin Abraham

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Automated Security Analysis of Android & iOS Applications with Mobile Securit...Ajin Abraham

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...Ajin Abraham

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Ajin Abraham

Hacking Tizen: The OS of everything - Whitepaper

Hacking Tizen: The OS of everything - Whitepaper

Hacking Tizen: The OS of everything - WhitepaperAjin Abraham

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham

Abusing Exploiting and Pwning with Firefox Addons

Abusing Exploiting and Pwning with Firefox Addons

Abusing Exploiting and Pwning with Firefox AddonsAjin Abraham

Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains

Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains

Exploit Research and Development Megaprimer: DEP Bypassing with ROP ChainsAjin Abraham

Abusing Google Apps and Data API: Google is My Command and Control Center

Abusing Google Apps and Data API: Google is My Command and Control Center

Abusing Google Apps and Data API: Google is My Command and Control CenterAjin Abraham

Exploit Research and Development Megaprimer: Win32 Egghunter

Exploit Research and Development Megaprimer: Win32 Egghunter

Exploit Research and Development Megaprimer: Win32 EgghunterAjin Abraham

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...Ajin Abraham

Exploit Research and Development Megaprimer: Unicode Based Exploit Development

Exploit Research and Development Megaprimer: Unicode Based Exploit Development

Exploit Research and Development Megaprimer: Unicode Based Exploit DevelopmentAjin Abraham

Exploit Research and Development Megaprimer: Buffer overflow for beginners

Exploit Research and Development Megaprimer: Buffer overflow for beginners

Exploit Research and Development Megaprimer: Buffer overflow for beginnersAjin Abraham

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...Ajin Abraham

Abusing, Exploiting and Pwning with Firefox Add-ons

Abusing, Exploiting and Pwning with Firefox Add-ons

Abusing, Exploiting and Pwning with Firefox Add-onsAjin Abraham

Wi-Fi Security with Wi-Fi P+

Wi-Fi Security with Wi-Fi P+

Wi-Fi Security with Wi-Fi P+Ajin Abraham

Shellcoding in linux

Shellcoding in linux

Shellcoding in linuxAjin Abraham

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765

Weitere ähnliche Inhalte

Mehr von Ajin Abraham

Injecting Security into Web apps at Runtime Whitepaper

Injecting Security into Web apps at Runtime Whitepaper

Injecting Security into Web apps at Runtime WhitepaperAjin Abraham

Injecting Security into vulnerable web apps at Runtime

Injecting Security into vulnerable web apps at Runtime

Injecting Security into vulnerable web apps at RuntimeAjin Abraham

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Ajin Abraham

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Automated Security Analysis of Android & iOS Applications with Mobile Securit...Ajin Abraham

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...Ajin Abraham

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Ajin Abraham

Hacking Tizen: The OS of everything - Whitepaper

Hacking Tizen: The OS of everything - Whitepaper

Hacking Tizen: The OS of everything - WhitepaperAjin Abraham

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham

Abusing Exploiting and Pwning with Firefox Addons

Abusing Exploiting and Pwning with Firefox Addons

Abusing Exploiting and Pwning with Firefox AddonsAjin Abraham

Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains

Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains

Exploit Research and Development Megaprimer: DEP Bypassing with ROP ChainsAjin Abraham

Abusing Google Apps and Data API: Google is My Command and Control Center

Abusing Google Apps and Data API: Google is My Command and Control Center

Abusing Google Apps and Data API: Google is My Command and Control CenterAjin Abraham

Exploit Research and Development Megaprimer: Win32 Egghunter

Exploit Research and Development Megaprimer: Win32 Egghunter

Exploit Research and Development Megaprimer: Win32 EgghunterAjin Abraham

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...Ajin Abraham

Exploit Research and Development Megaprimer: Unicode Based Exploit Development

Exploit Research and Development Megaprimer: Unicode Based Exploit Development

Exploit Research and Development Megaprimer: Unicode Based Exploit DevelopmentAjin Abraham

Exploit Research and Development Megaprimer: Buffer overflow for beginners

Exploit Research and Development Megaprimer: Buffer overflow for beginners

Exploit Research and Development Megaprimer: Buffer overflow for beginnersAjin Abraham

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...Ajin Abraham

Abusing, Exploiting and Pwning with Firefox Add-ons

Abusing, Exploiting and Pwning with Firefox Add-ons

Abusing, Exploiting and Pwning with Firefox Add-onsAjin Abraham

Wi-Fi Security with Wi-Fi P+

Wi-Fi Security with Wi-Fi P+

Wi-Fi Security with Wi-Fi P+Ajin Abraham

Shellcoding in linux

Shellcoding in linux

Shellcoding in linuxAjin Abraham

Mehr von Ajin Abraham (20)

Injecting Security into Web apps at Runtime Whitepaper

Injecting Security into Web apps at Runtime Whitepaper

Injecting Security into Web apps at Runtime Whitepaper

Injecting Security into vulnerable web apps at Runtime

Injecting Security into vulnerable web apps at Runtime

Injecting Security into vulnerable web apps at Runtime

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...

Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

Automated Security Analysis of Android & iOS Applications with Mobile Securit...

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...

G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015

Hacking Tizen: The OS of everything - Whitepaper

Hacking Tizen: The OS of everything - Whitepaper

Hacking Tizen: The OS of everything - Whitepaper

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Abusing Exploiting and Pwning with Firefox Addons

Abusing Exploiting and Pwning with Firefox Addons

Abusing Exploiting and Pwning with Firefox Addons

Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains

Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains

Exploit Research and Development Megaprimer: DEP Bypassing with ROP Chains

Abusing Google Apps and Data API: Google is My Command and Control Center

Abusing Google Apps and Data API: Google is My Command and Control Center

Abusing Google Apps and Data API: Google is My Command and Control Center

Exploit Research and Development Megaprimer: Win32 Egghunter

Exploit Research and Development Megaprimer: Win32 Egghunter

Exploit Research and Development Megaprimer: Win32 Egghunter

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...

Exploit Research and Development Megaprimer: mona.py, Exploit Writer's Swiss ...

Exploit Research and Development Megaprimer: Unicode Based Exploit Development

Exploit Research and Development Megaprimer: Unicode Based Exploit Development

Exploit Research and Development Megaprimer: Unicode Based Exploit Development

Exploit Research and Development Megaprimer: Buffer overflow for beginners

Exploit Research and Development Megaprimer: Buffer overflow for beginners

Exploit Research and Development Megaprimer: Buffer overflow for beginners

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...

Abusing, Exploiting and Pwning with Firefox Add-ons: OWASP Appsec 2013 Presen...

Abusing, Exploiting and Pwning with Firefox Add-ons

Abusing, Exploiting and Pwning with Firefox Add-ons

Abusing, Exploiting and Pwning with Firefox Add-ons

Wi-Fi Security with Wi-Fi P+

Wi-Fi Security with Wi-Fi P+

Wi-Fi Security with Wi-Fi P+

Shellcoding in linux

Shellcoding in linux

Shellcoding in linux

Kürzlich hochgeladen

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765

Emixa Mendix Meetup 11 April 2024 about Mendix Native development

Emixa Mendix Meetup 11 April 2024 about Mendix Native development

Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll

Long journey of Ruby standard library at RubyConf AU 2024

Long journey of Ruby standard library at RubyConf AU 2024

Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger

Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

React Native vs Ionic - The Best Mobile App Framework

React Native vs Ionic - The Best Mobile App Framework

React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple

Moving Beyond Passwords: FIDO Paris Seminar.pdf

Moving Beyond Passwords: FIDO Paris Seminar.pdf

Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3

The State of Passkeys with FIDO Alliance.pptx

The State of Passkeys with FIDO Alliance.pptx

The State of Passkeys with FIDO Alliance.pptxLoriGlavin3

Zeshan Sattar- Assessing the skill requirements and industry expectations for...

Zeshan Sattar- Assessing the skill requirements and industry expectations for...

Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica

Connecting the Dots for Information Discovery.pdf

Connecting the Dots for Information Discovery.pdf

Connecting the Dots for Information Discovery.pdfNeo4j

Scale your database traffic with Read & Write split using MySQL Router

Scale your database traffic with Read & Write split using MySQL Router

Scale your database traffic with Read & Write split using MySQL RouterMydbops

A Journey Into the Emotions of Software Developers

A Journey Into the Emotions of Software Developers

A Journey Into the Emotions of Software DevelopersNicole Novielli

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability

Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica

Time Series Foundation Models - current state and future directions

Time Series Foundation Models - current state and future directions

Time Series Foundation Models - current state and future directionsNathaniel Shimoni

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal

Kürzlich hochgeladen (20)

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration

Emixa Mendix Meetup 11 April 2024 about Mendix Native development

Emixa Mendix Meetup 11 April 2024 about Mendix Native development

Emixa Mendix Meetup 11 April 2024 about Mendix Native development

Long journey of Ruby standard library at RubyConf AU 2024

Long journey of Ruby standard library at RubyConf AU 2024

Long journey of Ruby standard library at RubyConf AU 2024

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

React Native vs Ionic - The Best Mobile App Framework

React Native vs Ionic - The Best Mobile App Framework

React Native vs Ionic - The Best Mobile App Framework

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...

Moving Beyond Passwords: FIDO Paris Seminar.pdf

Moving Beyond Passwords: FIDO Paris Seminar.pdf

Moving Beyond Passwords: FIDO Paris Seminar.pdf

The State of Passkeys with FIDO Alliance.pptx

The State of Passkeys with FIDO Alliance.pptx

The State of Passkeys with FIDO Alliance.pptx

Zeshan Sattar- Assessing the skill requirements and industry expectations for...

Zeshan Sattar- Assessing the skill requirements and industry expectations for...

Zeshan Sattar- Assessing the skill requirements and industry expectations for...

Connecting the Dots for Information Discovery.pdf

Connecting the Dots for Information Discovery.pdf

Connecting the Dots for Information Discovery.pdf

Scale your database traffic with Read & Write split using MySQL Router

Scale your database traffic with Read & Write split using MySQL Router

Scale your database traffic with Read & Write split using MySQL Router

A Journey Into the Emotions of Software Developers

A Journey Into the Emotions of Software Developers

A Journey Into the Emotions of Software Developers

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability

Time Series Foundation Models - current state and future directions

Time Series Foundation Models - current state and future directions

Time Series Foundation Models - current state and future directions

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...

Pwning with XSS: from alert() to reverse shell: Defcon Banglore 2013

1.

2. • • • •

4. Xenotix HTTP Web Shell Proxy Web Server ATTACKER VICTIM GET http://facebook.com Serve the JavaScript File Facebook.com HTML page contents FB’s Server

5. SO.... Never Under Estimate the Power of XSS

6. ajinabrahamofficial ajinabrahamofficial ajinabraham ajinabraham ajin.abraham@owasp.org