DEFCON 20: Blind XSS

3,914 views

Published on Nov 17, 2012

Speaker: Adam "EvilPacket" Baldwin, Chief Security Officer, &yet

This talk will announce the release of the xss.io toolkit and demonstrate it. xss.io is a platform to help ease cross-site scripting (XSS) exploitation and, specifically for this talk, the identification of blind XSS vectors. Think drag-and-drop exploits after an XSS vulnerability has been identified. For blind XSS, xss.io is a callback and hook manager for intel collected by payloads that were executed, and by payloads that were accessed but not executed.

Adam "EvilPacket" Baldwin has more than 10 years of mostly self-taught computer security experience and is currently the Chief Security Officer at &yet. He at one time possessed a GCIA and, if his CPEs are up to date, should still have a CISSP. Prior to starting at &yet, Adam operated a security consultancy, nGenuity, and worked for Symantec. Adam is a minor contributor to the W3AF project, creator of the DVCS pillaging toolkit and of helmet, the security header middleware for node.js, and has previously spoken at DEF CON, Toorcon, Toorcamp, DjangoCon, and JSConf.
Twitter: @adam_baldwin
http://evilpacket.net

For more information visit: http://bit.ly/defcon20_information
To download the video visit: http://bit.ly/defcon20_videos
Playlist DEFCON 20: http://bit.ly/defcon20_playlist
