Abusing HTML5 + Striking back at polymorphic viruses

  • August 8, 2013 · 6:00 PM

Talk 1. Abusing HTML5

The spike in i{Phone, Pod Touch, Pad}, Android, and other mobile devices has spurred growth of and interest in HTML5. The power of HTML5 allows developers to create almost full-fledged web applications, not just structured content.

HTML5's new features have increased the attack surface. It has been demonstrated that the HTML5 offline application cache can be abused. In addition, the support for client-side storage will open up the opportunity for SQL injection attacks on client machines. There has been chatter regarding the new attack opportunities that audio, video, and canvas tags will present, considering they require JavaScript and image-related functions such as SVG.

This presentation will demonstrate the issues of HTML5 and how they can be abused and mitigated with good-old techniques. This presentation will also delve into writing malicious web pages with web workers, abusing cross-origin JavaScript requests, how not to do cross-document messaging, and abusing geolocation.


Bio

Ming Chow is a Lecturer at the Tufts University Department of Computer Science. His areas of work are in web and mobile engineering, web security, and game development. He was also a web application developer for ten years at Harvard University. Ming has spoken at numerous organizations and conferences including the High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), the Massachusetts Office of the Attorney General (AGO), John Hancock, OWASP, InfoSec World (2011 and 2012), DEF CON 19 (2011), the Design Automation Conference (2011), and Intel.

Talk 2. File disinfection framework: Striking back at polymorphic viruses

Polymorphic viruses make up an ever-increasing percentage of daily malware collections. The sophistication of these attacks significantly exceeds the capabilities of existing classification and handling solutions. The situation goes from bad to worse when we attempt the most complicated part of incident response, file disinfection and remediation.

To combat this problem we've created a new open source project, the File Disinfection Framework (FDF), built on top of a new generation of TitanEngine and tailored specifically to aid in solving these hard problems. FDF combines both static analysis and emulation to enable users to rapidly switch between modes of operation to use the best features of each approach. Highly advanced static functions are hidden behind a simple and easy-to-use program interface that enables the broad range of capabilities that are required for decryption, decompression and disinfection. Their complement is a set of functions that enable quick and very customizable emulation. For the first time, analysts will have the ability to truly see and control everything that happens inside the emulated environment. They can run high level code inside the context of the emulated process to influence objects and files and direct the execution flow.

 

 

Bio

Mario Vuksan has been involved in the development of advanced security solutions for the last seven years and has a rich engineering background spanning the last 20 years. Before founding ReversingLabs, Mario was the Director of Research at Bit9 and one of its founding engineers. He has spoken at numerous conferences over the last 6 years, including CEIC, Black Hat, RSA, Defcon, Caro Workshop, Virus Bulletin and AVAR Conferences. He is the author of numerous blog posts on security and authored the "Protection in Untrusted Environments" chapter for the "Virtualization for Security" book. He coordinates the AMTSO Advisory Board and works with the IEEE Malware Working Group.

Tool of the month by Dawn Carroll

Demo of Ophcrack. Ophcrack is a Windows password cracker that attempts to break hashes using rainbow tables.


Show Schedule

6:00 - 6:30: networking/beer/pizza

6:30 - 6:45: Lulzy News by Akshat

6:45 - 7:00: Tool of the Month

7:00 - 7:30: Abusing HTML5

7:30 - 8:00: Striking back at polymorphic viruses

8:00+ Finish off beers and go home!

 


  • Chris F

    Pizza this time? Last time I had to eat my backup apple. Thanks.

    August 7, 2013

    • Lucy M.

      Yes there will be pizza tonight.

      August 8, 2013

    • Chris F

      And it was very good, thanks.

      August 15, 2013

  • Chris F

    The woman who did the tool of the month presentation was really good, please book her going forward. (The previous guy was just not a good public speaker.) The first presentation was technically over my head. The second presenter was good, and his material was interesting.

    2 · August 15, 2013

  • Lucy M.

    Thanks to Dawn, Mario and Ming for the great talks tonight! I learned something new in each one.

    2 · August 8, 2013

  • Benjamin H.

    elevator.up('6')? First, why is it string input? Second, why does it only go up 5 floors?

    D- see me after class.

    1 · August 8, 2013

    • Bobby C.

      elevator.up('6; drop table students')

      1 · August 8, 2013

  • Benjamin H.

    And this is the paper on html5 timing attacks that can leak text out of an iframe. http://contextis.co.uk/files/Browser_Timing_Attacks.pdf

    2 · August 8, 2013

  • James O.

    Unfortunately, I won't be able to make it after all. Hope to be at the next one. If folks are interested there is a PGP hands on workshop on the 24th at Encuentro 5, 9 Hamilton St. #2A, Boston at 1pm. More at http://masspirates.org/blog/2013/08/06/cryptoparty/

    August 8, 2013

  • Jane M.

    Something came up and I can't make it. Hope to catch the next one!

    August 8, 2013

  • Valentina

    My name is Valentina and I would like to join the meeting tonight.

    August 8, 2013

  • flox2005

    Is parking available?

    August 8, 2013

  • Eric Y.

    Steve M

    August 8, 2013

  • Bruce V.

    Thx

    August 8, 2013

  • Tom C.

    Wish I could be there!

    August 8, 2013

  • Bethany B.

    It took me an hour and a half to get to the meeting last time due to some nasty traffic. I came from the Metrowest area, which if there is no traffic takes about a half hour to get to Cambridge. A word to the wise, if you are coming from this far away, leave at least an hour and a half of time to get there. Maybe traffic will be better this time since the students are home for the summer and people are heading towards the cape, not Boston.

    1 · August 8, 2013

    • Lucy M.

      Thanks for the tip Bethany. There is a lot of road construction going on in summer so allowing extra time is a good idea. There is a lot of metered parking in the area when you arrive but it never hurts to have extra time to find a space, too. A fun night of security talks awaits you!

      August 8, 2013

  • Rob R.

    Sorry to be missing this one. I always enjoy these meetings.

    August 6, 2013

  • Bethany B.

    I'm an IT professional looking for a new job. Since the last meeting I have learned about some basic web application attacks and how to prevent them. I am an enthusiastic learner dedicated to pursuing a career in information security. See everyone on Thursday!!

    1 · August 6, 2013

  • A former member

    I'm excited to make my first Boston Security Meetup

    August 5, 2013

  • Frank Q.

    Sorry to miss the August mtg. I'll be at SANS conference. Hope to see everyone in September!

    August 1, 2013

  • John B.

    Which floor?

    August 1, 2013

  • A former member

    Looking forward to it. It's my first meeting.

    July 22, 2013

79 went

Our Sponsors

  • Google

    Generously providing hosting and support for the BSM events.

  • ComplianceChimp

    Generously providing funding and support for the BSM events.
