Authors: Rich Cannings, Himanshu Dwivedi, Zane Lackey
Contributing Authors: Alex Stamos and Chris Clark
ISBN: 0071494618
Security Tools:
HistoryThief
HistoryThief is a modified version of the JavaScript History Thief. It tests whether the visitor has already been to a list of URLs by rendering links to them and reading back the CSS :visited styling the browser applies only to URLs in its history.
SecureIE.ActiveX
SecureIE.ActiveX is a tool that analyzes several ActiveX security settings on IE6 and IE7.
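The :visited probing technique behind HistoryThief, as an added example written for this page; it is not the book's tool or the original JavaScript History Thief. `sniffHistory` takes the document to probe as a parameter, so it can be pointed at a browser's real `document` or at `makeFakeDocument`, a constructed stand-in that simulates a browser with a given history. The stub's `leaksVisited` flag models the difference between browsers of the book's era, where getComputedStyle returned the real :visited colour, and current browsers, which report the unvisited style to scripts and so give the probe nothing. All names and URLs in the block are assumptions, not from the page.

```javascript
// Added example (not the book's HistoryThief or the original JavaScript
// History Thief): CSS :visited history sniffing against an injected `doc`.

const VISITED_COLOR = "rgb(255, 0, 0)";
const LINK_COLOR = "rgb(0, 0, 0)";

// Probe each candidate URL: render it as a link, then read the computed colour.
// Only a URL already in the browser's history matches the a:visited rule.
// Pass the browser's `document` for a live run, or a stub for offline use.
function sniffHistory(doc, candidateUrls) {
  const style = doc.createElement("style");
  style.textContent =
    `a:link { color: ${LINK_COLOR}; } a:visited { color: ${VISITED_COLOR}; }`;
  doc.body.appendChild(style);

  const visited = [];
  for (const url of candidateUrls) {
    const link = doc.createElement("a");
    link.href = url;
    link.textContent = url;
    doc.body.appendChild(link);
    const colour = doc.defaultView.getComputedStyle(link).color;
    if (colour === VISITED_COLOR) visited.push(url);
    doc.body.removeChild(link);
  }
  doc.body.removeChild(style);
  return visited;
}

// Constructed stand-in for a browser DOM (assumption: this is not a real
// browser). `history` is the set of URLs the simulated browser has visited.
// `leaksVisited` = true models pre-2010 browsers, where getComputedStyle
// reported the real :visited colour; false models the fix shipped since,
// which always reports the unvisited colour and defeats the probe.
function makeFakeDocument(history, leaksVisited) {
  const children = [];
  const body = {
    appendChild: (el) => { children.push(el); },
    removeChild: (el) => { children.splice(children.indexOf(el), 1); },
  };
  const defaultView = {
    getComputedStyle: (el) => ({
      color: leaksVisited && history.has(el.href) ? VISITED_COLOR : LINK_COLOR,
    }),
  };
  return {
    body,
    defaultView,
    createElement: (tag) => ({ tagName: tag.toUpperCase(), href: "", textContent: "" }),
  };
}

// Constructed sample data for an offline run (assumed URLs, not from the page).
const PROBE_LIST = [
  "https://bank.example/login",
  "https://mail.example/inbox",
  "https://shop.example/cart",
];
const SIMULATED_HISTORY = new Set([
  "https://bank.example/login",
  "https://shop.example/cart",
]);

if (typeof require !== "undefined" && require.main === module) {
  console.log("leaky browser:",
    sniffHistory(makeFakeDocument(SIMULATED_HISTORY, true), PROBE_LIST));
  console.log("hardened browser:",
    sniffHistory(makeFakeDocument(SIMULATED_HISTORY, false), PROBE_LIST));
}
```

Against the leaky stub the probe recovers exactly the two URLs in the simulated history; against the hardened stub it recovers nothing, which is also what a current browser returns, so the technique as published only tells you about browsers that predate that fix.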
Sample Attack Pages:
- Malicious JavaScript: http://labs.isecpartners.com/HackingExposedWeb20/XHR.htm
  Forces the browser to submit a GET request to a URL of the attacker's choice (labs.isecpartners.com/HackingExposedWeb20/isecpartners.htm).
- ActiveX: http://labs.isecpartners.com/HackingExposedWeb20/activex.cepted.htm
  ActiveX.cepted is an ActiveX control that leverages IE. The example control invokes the Shell.Explorer class ID, which opens a web browser inside the browser itself.
- ActiveX: http://labs.isecpartners.com/HackingExposedWeb20/activex.stream.htm
  A hostile ActiveX control that creates a file on the user's operating system (c:\HackingExposed20.txt). It also opens a new browser inside the existing one, which automatically visits www.isecpartners.com (out of visible view).
Security Presentations:
Attacking Web 2.0 Applications
Web 2.0 security presentation delivered at the Web 2.0 conference (Alex Stamos)
