

Nicolas Gregoire (Founder, Agarri)

PRESENTATION TITLE: Attacking XML Processing

PRESENTATION ABSTRACT:

Documenting more than a year of research in XML technologies, this talk will detail security implications of the XML format and its processing practices.

Discussed targets range from browsers to enterprise-level security solutions and web-service back-ends. Several key technologies will be addressed: XML grammar (aka DTD), homoiconicity and self-contained dynamic SVG images, design and implementation vulnerabilities in XSLT and XPath engines, in-memory exploitation of Java-based XSLT engines, XML databases and many more. PoC code has been, and will systematically be, released for every (patched) vulnerability.

The goal of this presentation is to document and publicize state of the art attacks including:

- Data obfuscation in XML containers (Adobe, VLC, …)
- DTD manipulation used to read (possibly binary) files, steal hashes or generate XSS
- Dangerous extensions in newly studied XSLT and XQuery engines (Adobe, Oracle, XT, 4Suite, …)
- Grammar and mutation-based fuzzing of XPath and XSLT engines
- Bizarre combination of grammar, data, code and markup in a single XML file
- How to trigger XSLT code in security protocols (SAML, WS-Security, …)
- Advanced in-memory exploitation of Java based XSLT engines

ABOUT NICOLAS GREGOIRE

Nicolas Grégoire has worked in Information Security for more than ten years. After initially working at a start-up, he spent 4 years doing full-time pen-testing as a consultant. Afterwards, he moved to the nice region of Luberon and became an internal security auditor for one of the largest French PKIs.

In early 2011, he left this job to create Agarri, a small company dedicated to the offensive side of information security: pen-testing, white / gray / black-box audit, code review, vulnerability research, training, etc. Since then, he has published several vulnerabilities in well-known high-profile products such as WebKit, PHP, DotNetNuke, VMware ESX, Excel, HP SAN appliances, … His current research focus is XML technologies at large.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

SPECIAL OPS 1 – WIRELESS SECURITY KUNGF00

SPECIAL OPS 2 – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE

2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1 – HUNTING WEB ATTACKERS

TECH TRAINING 2 – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3 – ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4 – THE EXPLOIT LABORATORY: ADVANCED EDITION

QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS




Copyright © 2012 Hack In The Box | http://www.hackinthebox.org
