Los Angeles/2008 Meetings/November 19

Speaker: Stephan Chenette
Stephan Chenette is a Senior Security Researcher who helps lead Websense Security Labs working on malcode detection techniques. Mr. Chenette specializes in research tools ranging from kernel-land sandboxes, to static analysis scanners. He has released public analyses on various vulnerabilities and malware. Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.

Abstract: A new web attack vector: Script Fragmentation
This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content.

This involves distributing web exploits in a asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, This attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit.

Our presentation will discuss this attack vector used to evade both gateway and client side detection. We will show several proof of concepts containing common readily available web exploits.