We Have You by the Gadgets

DEF CON 20

Presented by: Toby Kohlenberg, Mickey Shkatov
Date: Sunday July 29, 2012
Time: 10:00 - 10:50
Location: Track 4 / Turbo

Why send someone an executable when you can just send them a sidebar gadget? We will be talking about the windows gadget platform and what the nastyness that can be done with it, how are gadgets made, how are they distributed and more importantly their weaknesses. Gadgets are comprised of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of.

We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.

Mickey Shkatov

Mickey Shkatov AKA "Laplinker" , is a proud DC9723 member, not a Mossad agent, a breaker of code, a researcher of vulnerabilities that will never see the light of day, a lunatic and a fun guy to drink with. Twitter: @laplinker http://www.laplinker.com

Toby Kohlenberg

Toby Kohlenberg is an opinionated loud mouth who occasionally has interesting insights and useful things to say about a wide variety of information security topics. He's worked on a large number of different technologies in the information security space. Past speaker at: T2, Shmoocon, Toorcon Seattle, PacSec and CanSecWest.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats