Dominique Righetto
From Excellium
Software developer who has moved to the application security side. Open source addict and contributor to several projects or initiatives.
https://www.linkedin.com/in/righettod
Blog: http://www.righettod.eu
Abusing web browsers for fun and profit
The presentation aims to show an example of using the browser's technical capabilities from an offensive security point of view. Specifically, it will describe how a simple visit to a web site can be used, without any exploit or web browser vulnerability exploitation, to gather information in order to identify an attack surface/vector in the victim's environment. The gathered information starts with plugins, continues with allowed network communication, and reaches information such as the site categories allowed by the web gateway, the files allowed for download, and the web gateway's error pages. The underlying objective is to show the amount of information that is available by simply using HTML and JavaScript features in the "reconnaissance" phase of an attack (attack preparation and target profiling).