Driving Behavioral Change for Information Management through Data-Driven Gree...
Layer8 exploitation: Lock'n Load Target
1. www.cdicconference.com
“Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity”
อ. ประธาน พงศ์ทิพย์ฤกษ์
SANS GIAC GPEN, eCPPT, ECSA, CEH, CPTS, CIW Security Analyst, CWNA, CWSP, Security+, ITIL-F
Section Manager, Senior Information Security Consultant
อ. สุทธาพงศ์ วราอัศวปติ
Information Security Consultant
1
10. PWN2OWN: Result
Google Chrome is the first browser to fail at
pwn2own
Bypass DEP/ASLR
Bypass Sandbox
Internet Explorer 9 is the second browser
It will work on IE6-10 on Window 8
Firefox 10.0.2 is the Third browser
Bypass DEP/ASLR
Heap spray Exploit
10 15
15. Document Metadata
Most document formats include a significant
amount of metadata (data about data)
Information sometimes included in metadata
Usernames
Operating Systems
Network info
Internal Server info
Device info
Software version
15 20
16. Document Types that are Rich
in Metadata
Most types of documents have some metadata
in them, but the following types are often
especially interesting
16 21