<p>Browsers, client applications and web functionality are becoming more and more complex as time goes on. In this presentation, Kevin Johnson and Mike Poor of InGuardians will discuss how instead of focusing on 0-day exploits, attackers and penetration testers are able to use the features of our systems against us. They will explore the usage of browser hooks, client provided content and malicious flash applications all in attacking client machines and organizations. During this talk, Kevin and Mike will be debuting tools that they have developed in house to exploit the functionality of these clients. This talk focuses on providing the audience with an understanding of the attacks, examples (including code) of how the attacks are accomplished and copies of the tools used.</p>