Hackers of India

Hacking with Images - Evil Pictures

By Saumil Shah on 23 Oct 2014 @ Hacklu
πŸ“Š Presentation πŸ”— Link
#red-teaming #steganography #application-pentesting #browser-security #dynamic-analysis #exploit-delivery
Focus Areas: πŸ” Application Security , 🦠 Malware Analysis , 🎯 Penetration Testing , 🌐 Web Application Security
This talk covers technique(s) listed below
STEGOSPLOIT

Presentation Material

Hacking with Pictures - Hack.LU 2014 from Saumil Shah

Abstract

This talk is put together with bits and pieces of my research in advanced exploit delivery mechanisms. What you see on your browser may not always be a pretty picture. In this talk, we explore how images can be used as active exploits. By shifting evil payloads to images, it is possible to defeat even the most sophisticated systems of threat detection. We shall see how exploits can be encoded in image pixels, executing Javascript through images, and lastly how vector images are being used in browser heap memory manipulation.