Rosario Valotta (Tentacolo Viola)

Presentation Title CookieJacking
Presentation Abstract

Clickjacking attacks have been widely adopted by attackers worldwide on popular websites (eg Facebook) in order to perform some drive to download attacks,click forging, message sending and so on.

In previous works on the same matter, new approaches on UI redressing attacks emerged, showing the possibility to steal victims webpage contents. In this presentation I will demonstrate a new kind of attack that can be used to exploit a 0-day vulnerability affecting all Internet Explorer versions over every Windows OS installation. The attack leverages on a UI redressing approach and allows an attacker to steal session cookies of from whatever site a victim is visiting. This new approach really moves UI redressing attacks a step further.

Presentation Overview

- Quick background on IE zones security policies
- Discussion of the 0day vulnerability of IE
- Brief clickjacking overview
- Description of the attack combo used to exploit the vulnerability
- Description of JS tricks used in the implementation of a PoC
- Live working demo

About Rosario Valotta

Rosario Valotta is an IT security professional with over 10 years experience. He has been actively finding vulnerabilities and exploits since 2007 and has released a bunch of advisories including:

- Nduja connection, the first cross webmail XSS worm
- Memova exploit, affecting over 40 millions users worldwide
- Outlook web access for Exchange CSRF vulnerability

You can find the complete list on his blog: http://sites.google.com/site/tentacoloviola/