Blind XSS

DEF CON 20

Presented by: Adam Baldwin
Date: Friday July 27, 2012
Time: 17:30 - 17:50
Location: Track 4 / Turbo

This talk will announce the release and demonstrate the xss.io toolkit. xss.io is a platform to help ease cross-site scripting (xss) exploitation and specifically for this talk identification of blind xss vectors. Think drag and drop exploits post xss vuln identification. For blind xss, xss.io is a callback and hook manager for intel collected by executed and non-executed but accessed payloads.

Adam Baldwin

Adam "EvilPacket" Baldwin Adam Baldwin has over 10+ years of mostly self-taught computer security experience and currently is the Chief Security Officer at &yet. He at one time possessed a GCIA and if his CPE's are up to date should still have a CISSP. Prior to starting at &yet, Adam operated a security consultancy, nGenuity and worked for Symantec. Adam is a minor contributor to the W3AF project, creator of the DVCS pillaging toolkit, helmet: the security header middleware for node.js, and has previously spoken at DEF CON, Toorcon, Toorcamp, Djangcon, and JSconf. Twitter: @adam_baldwin http://evilpacket.net


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats