Photo Album
Dolores Galván
Conference 19/11/2009
Technology
Tourism
1. Photo album
2. Part 1
3-11. (no text)
11. Part 2?
12. An AVE?
13. An auditorium?
14. Another water treatment plant?
15. A library?
16. Another hospital?
17. Another form of transport?
18. More bridges?
19. Another port?
20. Another Vigo?