SlideShare ist ein Scribd-Unternehmen logo

Zombilizing The Web Browser Via Flash Player 9

Als PPT, PDF herunterladen
T
thaidn

This document summarizes potential vulnerabilities in Adobe Flash Player 9 that could allow a malicious SWF file to bypass the same-origin policy and control a victim's web browser. It describes how the Flash Player Socket class could be used to perform port scanning or relay sockets without permission. It also explains how DNS spoofing could trick the Flash Player into granting a SWF file access to a different domain. An actual malware program called "FlashBot" is presented that leverages these techniques to turn infected browsers into a botnet to perform tasks instructed by a command and control server. Workarounds like disabling Flash or using a firewall are suggested to prevent exploitation.

Technologie
1 von 28
Zombilizing The Web Browers Via Flash Player 9 ,[object Object],[object Object],http://vnhacker.blogspot.com
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Flash Player 9 Socket class ,[object Object],[object Object]
Flash Player 9 Socket class ,[object Object],[object Object],Let's port nmap to ActionScript !
Flash Player 9 Socket class ,[object Object],[object Object],[object Object],[object Object],[object Object]
Same-Origin Policy ,[object Object],[object Object],[object Object]
Same-Origin Policy
Flash Player 9 Same-Origin Policy
Breaking the SOP: crossdomain.xml ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DNS Pinning Explained ,[object Object],[object Object]
DNS Pinning Explained ,[object Object],[object Object],[object Object],[object Object]
DNS Pinning ,[object Object],[object Object],[object Object],[object Object],[object Object]
Breaking the SOP: DNS Spoofing ,[object Object]
Breaking the SOP: DNS Spoofing ,[object Object],[object Object]
Breaking the SOP: DNS Spoofing ,[object Object],[object Object],[object Object]
Breaking the SOP: DNS Spoofing ,[object Object],[object Object],[object Object],[object Object]
Breaking the SOP: DNS Spoofing ,[object Object],[object Object],[object Object],[object Object],[object Object]
FlashBot 101 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How FlashBot works ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How FlashBot works ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How FlashBot works ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How FlashBot works ,[object Object],[object Object],[object Object],[object Object],[object Object]
Show Time! - set your DNS server to 221.133.4.24 - start Wireshark to see what you send out!
Demo 1: port scanning ,[object Object],[object Object],[object Object],[object Object]
Demo 2: socket relaying ,[object Object],[object Object],[object Object],[object Object]
Workarounds ,[object Object],[object Object],[object Object]
Thanks ,[object Object],[object Object],[object Object],[object Object],[object Object]
Zombilizing The Web Browers Via Flash Player 9 ,[object Object],[object Object],Thai N. Duong

Empfohlen

Dos threats and countermeasures
Dos threats and countermeasuresDos threats and countermeasures
Dos threats and countermeasuresn|u - The Open Security Community
 
Just curl it!
Just curl it!Just curl it!
Just curl it!Daniel Stenberg
 
Http3 fullstackfest-2019
Http3 fullstackfest-2019Http3 fullstackfest-2019
Http3 fullstackfest-2019Daniel Stenberg
 
Compression Oracle Attacks on VPN Networks
Compression Oracle Attacks on VPN NetworksCompression Oracle Attacks on VPN Networks
Compression Oracle Attacks on VPN NetworksPriyanka Aash
 
HTTP/3
HTTP/3HTTP/3
HTTP/3Daniel Stenberg
 
Null HYD VRTDOS
Null HYD VRTDOSNull HYD VRTDOS
Null HYD VRTDOSRaghunath G
 
Running At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSRunning At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSryan_huber
 
The Good News on Cryptography
The Good News on CryptographyThe Good News on Cryptography
The Good News on CryptographyMartijn Grooten
 

Empfohlen

Dos threats and countermeasures
Dos threats and countermeasuresDos threats and countermeasures
Dos threats and countermeasuresn|u - The Open Security Community
 
Just curl it!
Just curl it!Just curl it!
Just curl it!Daniel Stenberg
 
Http3 fullstackfest-2019
Http3 fullstackfest-2019Http3 fullstackfest-2019
Http3 fullstackfest-2019Daniel Stenberg
 
Compression Oracle Attacks on VPN Networks
Compression Oracle Attacks on VPN NetworksCompression Oracle Attacks on VPN Networks
Compression Oracle Attacks on VPN NetworksPriyanka Aash
 
HTTP/3
HTTP/3HTTP/3
HTTP/3Daniel Stenberg
 
Null HYD VRTDOS
Null HYD VRTDOSNull HYD VRTDOS
Null HYD VRTDOSRaghunath G
 
Running At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSRunning At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSryan_huber
 
The Good News on Cryptography
The Good News on CryptographyThe Good News on Cryptography
The Good News on CryptographyMartijn Grooten
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
curl better
curl bettercurl better
curl betterDaniel Stenberg
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the nameSecurity BSides London
 
FastNetMonを試してみた
FastNetMonを試してみたFastNetMonを試してみた
FastNetMonを試してみたYutaka Ishizaki
 
HTTP/3 in curl 2020
HTTP/3 in curl 2020HTTP/3 in curl 2020
HTTP/3 in curl 2020Daniel Stenberg
 
I See You
I See YouI See You
I See YouAndrew Beard
 
9534715
95347159534715
9534715Pavel Odintsov
 
Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Francois Marier
 
HTTP Basic - PHP
HTTP Basic - PHPHTTP Basic - PHP
HTTP Basic - PHPSulaeman .
 
HTTP/3 in curl
HTTP/3 in curlHTTP/3 in curl
HTTP/3 in curlDaniel Stenberg
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simplePavel Odintsov
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructureWP Engine
 
DDoS: practical survival
DDoS: practical survivalDDoS: practical survival
DDoS: practical survivalPositive Hack Days
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
Owning the bad guys
Owning the bad guys Owning the bad guys
Owning the bad guys Santhosh Kumar
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
Wrath of Ransomware_Longinus Timochenco
Wrath of Ransomware_Longinus TimochencoWrath of Ransomware_Longinus Timochenco
Wrath of Ransomware_Longinus TimochencoLonginus Timochenco
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 
Browser Security
Browser SecurityBrowser Security
Browser SecurityRoberto Suggi Liverani
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakeskuza55
 

Weitere ähnliche Inhalte

Was ist angesagt?

Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
FastNetMonを試してみた
FastNetMonを試してみたFastNetMonを試してみた
FastNetMonを試してみたYutaka Ishizaki
 
Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Francois Marier
 
HTTP Basic - PHP
HTTP Basic - PHPHTTP Basic - PHP
HTTP Basic - PHPSulaeman .
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simplePavel Odintsov
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructureWP Engine
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
Wrath of Ransomware_Longinus Timochenco
Wrath of Ransomware_Longinus TimochencoWrath of Ransomware_Longinus Timochenco
Wrath of Ransomware_Longinus TimochencoLonginus Timochenco
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 

Was ist angesagt? (20)

Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy Style
 
curl better
curl bettercurl better
curl better
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
FastNetMonを試してみた
FastNetMonを試してみたFastNetMonを試してみた
FastNetMonを試してみた
 
HTTP/3 in curl 2020
HTTP/3 in curl 2020HTTP/3 in curl 2020
HTTP/3 in curl 2020
 
I See You
I See YouI See You
I See You
 
9534715
95347159534715
9534715
 
Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015
 
HTTP Basic - PHP
HTTP Basic - PHPHTTP Basic - PHP
HTTP Basic - PHP
 
HTTP/3 in curl
HTTP/3 in curlHTTP/3 in curl
HTTP/3 in curl
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simple
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigation
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructure
 
DDoS: practical survival
DDoS: practical survivalDDoS: practical survival
DDoS: practical survival
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Owning the bad guys
Owning the bad guys Owning the bad guys
Owning the bad guys
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
Wrath of Ransomware_Longinus Timochenco
Wrath of Ransomware_Longinus TimochencoWrath of Ransomware_Longinus Timochenco
Wrath of Ransomware_Longinus Timochenco
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
 

Ähnlich wie Zombilizing The Web Browser Via Flash Player 9

Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakeskuza55
 
Flash Security, OWASP Chennai
Flash Security, OWASP ChennaiFlash Security, OWASP Chennai
Flash Security, OWASP Chennailavakumark
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakesguest2821a2
 
FMS Administration Seminar
FMS Administration SeminarFMS Administration Seminar
FMS Administration SeminarYoss Cohen
 
Ch 22: Web Hosting and Internet Servers
Ch 22: Web Hosting and Internet ServersCh 22: Web Hosting and Internet Servers
Ch 22: Web Hosting and Internet Serverswebhostingguy
 
Mashups MAX 360|MAX 2008 Unconference
Mashups MAX 360|MAX 2008 UnconferenceMashups MAX 360|MAX 2008 Unconference
Mashups MAX 360|MAX 2008 UnconferenceElad Elrom
 
Orange is the new blue: How to port Chrome Extension to Firefox Extension
Orange is the new blue: How to port Chrome Extension to Firefox ExtensionOrange is the new blue: How to port Chrome Extension to Firefox Extension
Orange is the new blue: How to port Chrome Extension to Firefox Extensionchaykaborya
 
Usint Charles Proxy to understand REST
Usint Charles Proxy to understand RESTUsint Charles Proxy to understand REST
Usint Charles Proxy to understand RESTAnatoliy Odukha
 
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash AppsOwasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Appsguestb0af15
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsDEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsFelipe Prado
 
May proxy be_with_you
May proxy be_with_youMay proxy be_with_you
May proxy be_with_youHimani Singh
 
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkWifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkSecurityTube.Net
 
Krzysztof Kotowicz - Hacking HTML5
Krzysztof Kotowicz - Hacking HTML5Krzysztof Kotowicz - Hacking HTML5
Krzysztof Kotowicz - Hacking HTML5DefconRussia
 
HTML5 vs Silverlight
HTML5 vs SilverlightHTML5 vs Silverlight
HTML5 vs SilverlightMatt Casto
 
Apache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual HostingApache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual Hostingwebhostingguy
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network ProposalChris Riccio
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawEC-Council
 

Ähnlich wie Zombilizing The Web Browser Via Flash Player 9 (20)

Browser Security
Browser SecurityBrowser Security
Browser Security
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakes
 
Flash Security, OWASP Chennai
Flash Security, OWASP ChennaiFlash Security, OWASP Chennai
Flash Security, OWASP Chennai
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakes
 
FMS Administration Seminar
FMS Administration SeminarFMS Administration Seminar
FMS Administration Seminar
 
Chapter 2 - Application Layer
Chapter 2 - Application LayerChapter 2 - Application Layer
Chapter 2 - Application Layer
 
Ch 22: Web Hosting and Internet Servers
Ch 22: Web Hosting and Internet ServersCh 22: Web Hosting and Internet Servers
Ch 22: Web Hosting and Internet Servers
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Mashups MAX 360|MAX 2008 Unconference
Mashups MAX 360|MAX 2008 UnconferenceMashups MAX 360|MAX 2008 Unconference
Mashups MAX 360|MAX 2008 Unconference
 
Orange is the new blue: How to port Chrome Extension to Firefox Extension
Orange is the new blue: How to port Chrome Extension to Firefox ExtensionOrange is the new blue: How to port Chrome Extension to Firefox Extension
Orange is the new blue: How to port Chrome Extension to Firefox Extension
 
Usint Charles Proxy to understand REST
Usint Charles Proxy to understand RESTUsint Charles Proxy to understand REST
Usint Charles Proxy to understand REST
 
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash AppsOwasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
Owasp Wasc App Sec2007 San Jose Finding Vulnsin Flash Apps
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generatorsDEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
 
May proxy be_with_you
May proxy be_with_youMay proxy be_with_you
May proxy be_with_you
 
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkWifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and Drink
 
Krzysztof Kotowicz - Hacking HTML5
Krzysztof Kotowicz - Hacking HTML5Krzysztof Kotowicz - Hacking HTML5
Krzysztof Kotowicz - Hacking HTML5
 
HTML5 vs Silverlight
HTML5 vs SilverlightHTML5 vs Silverlight
HTML5 vs Silverlight
 
Apache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual HostingApache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual Hosting
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network Proposal
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
 

Kürzlich hochgeladen

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Zombilizing The Web Browser Via Flash Player 9

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 8. Flash Player 9 Same-Origin Policy
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. Show Time! - set your DNS server to 221.133.4.24 - start Wireshark to see what you send out!
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.