Description: Hacking client side protection systems (sandboxes, internet security suites, financial endpoint protection systems) with malicious browser extensions.
In 2012 I have created and published proof-of-concept malicious browser extensions for Firefox, Chrome and Safari. With these, one can steal cookies, passwords, spy on webcam, use the browser as a proxy, change financial transactions in the background, steal files, and many more malicious things. In this presentation I will investigate the internet security suites, "safe browsers", sandboxes and how they (don't) protect against malicious browser extensions running in user space. In the second part of the presentation I will hack the "financial endpoint protection systems" usually offered by financial institutions with phrases like "Use this and you'll be safe".
My presentation will be about a unique research on how the "hacking game" is shifting from the operating system to the browser, how the current solutions work and how they can be circumvented. Three hacking demos will be shown, two including Paypal.
Tags: firefox , secure-browsers , sandboxes ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.