Browsers are an excellent and ubiquitous tool for accessing and sharing information. With their wide feature set, it's sometimes overlooked that they are in fact tools for remotely executing code on a user, or in our case, target's system, and can play a strong role in the overall infrastructure of a network. In this talk, we'll learn how an attacker can abuse the browser and network in order to remotely access any TCP/UDP service bound to that victim's machine, entirely bypassing the victim’s NAT and firewall, providing arbitrary firewall pinhole control, simply by the victim visiting a website.
Samy Kamkar
Openpath, Co-founder
Samy Kamkar is an American privacy and security researcher, computer hacker, whistleblower and entrepreneur. At the age of 16, Kamkar dropped out of high school and one year later, co-founded Fonality, a unified communications company based on open source software, which raised over $46 million in private funding. He is possibly best known for creating and releasing the fastest spreading virus of all time, the MySpace worm Samy, and being subsequently raided for it by the United States Secret Service, under the Patriot Act. He is also known for creating SkyJack, a custom drone which hacks into any nearby Parrot drones allowing them to be controlled by its operator and for creating the Evercookie, which appeared in a top-secret NSA document revealed by Edward Snowden and on the front page of The New York Times. He is also known for his work with The Wall Street Journal and his discovery of the illicit mobile phone tracking where the Apple iPhone, Google Android and Microsoft Windows Phone mobile devices transmit GPS and Wi-Fi information to their parent companies. His mobile research led to a series of class-action lawsuits against the companies and a privacy hearing on Capitol Hill.
[ Ссылка ]
