OWASP Louisville Meeting Announcement

Meeting: Louisville OWASP – Nov 11th, 11:30 AM – 1 PM

Meeting Location:
Sullivan University Campus, 3101 Bardstown Road, Room 254, Louisville KY 40205 – (about 15 minutes from the airport…on I-264 East)

When you arrive at the University’s main building, drive around past the front visitor’s doors to the parking area on the right side of the Main Building. Room 254 can be accessed via a back stairway near a break area on the back right-hand side of the building; it is very easy to spot.

Desktop Betrayal: Exploiting Clients through the Features They Demand
In this talk, Tom Eston will explore the use of client features to gain privileged access to client systems. During previous talks around social networks, Tom Eston and fellow security researcher Kevin Johnson discovered that most of the damage they could perform against a target didn’t use an exploit against any vulnerable system. Tom and Kevin were able to create various attacks that made use of features being used on client machines. While this talk will not disclose any vulnerabilities within popular client software, Tom will be releasing multiple attacks that use these clients against their users. Tom will be discussing attacks using JavaScript, HTML5, PDF files, Flash, Data URIs, Web Workers and more. Tom will also discuss code to perform these attacks as well as add-ons to popular tools such as BeEF (Browser Exploitation Framework) that will enable these tools to make use of the attacks.

Tom Eston is the manager of the SecureState Profiling Team. Tom leads a team of highly skilled penetration testers that provides attack and penetration testing services for SecureState’s clients. Tom focuses much of his research on new technologies such as social media, mobile devices and new web technology. He is the founder of SocialMediaSecurity.com, which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts, and a frequent speaker at security user groups and national conferences including DerbyCon, Notacon, OWASP AppSec, Black Hat USA, DEFCON and ShmooCon.

Posted in AppSec, Computers, OWASP
