Dominique Righetto | Voxxed Days Luxembourg

Dominique Righetto

From Excellium

Software developer who has moved to the application security side. Open source addict and contributor to several projects or initiatives.

https://www.linkedin.com/in/righettod

Blog: http://www.righettod.eu

archisec Architecture, Performance and Security

Abusing web browsers for fun and profit

Tools-in-Action

The objective of this presentation is to show an example of using the browser's technical capabilities from an offensive security point of view. Specifically, the presentation will describe how a simple visit to a web site can be used, without any exploit or exploitation of a web browser vulnerability, to gather information in order to identify an attack surface/vector in the victim's environment. The gathered information starts with plugins, continues with allowed network communication, and extends to information such as the site categories allowed by the web gateway, the files allowed for download, web gateway error pages... The underlying objective is to show the amount of information that is available by simply using HTML and JavaScript features in the "reconnaissance" phase of an attack (attack preparation and target profiling).