The talk I will be presenting is entirely my own work of research. While identifying vulnerabilities in web applications and participate in various bug bounty programs is interesting, I enjoy targeting platforms which are less popular as research topics. Having said that, while security for browsers is a known topic, I’ve been able to identify, through my research, several vulnerabilities which will help to secure it further.
The issues I will be talking about during this talk would be – Same Origin Policy(SOP), Remote Code Execution(RCE) and Address Bar Spoofing (ABS). These vulnerabilities, along with the attack scenarios are something which I’ve created through my research. I’ve also created from scratch, an exploit which can be used across several browsers for the same vulnerability. I will be showcasing multiple Metasploit module and a tool BFuzz which where created during my research.
- SPEAKER Dhiraj Mishra