The dirty secrets of client-side exploitation and protection

The dirty secrets of client-side exploitation and protection

From BruCON 2014

Jump to: navigation, search

It’s no secret that client-side attacks are what gets attackers a foothold on the network, allowing them to wreak havoc and exfiltrate precious business data. Performing client-side attacks however is not as easy as it looks, neither is protecting against them. In this 4 hour workshop we will focus on what it takes to successfully run a client-side attack. We will cover initial intelligence gathering, exploit staging and execution and data exfiltration. Every topic will be accompanied with hands-on practical exercise. The second part of the workshop will cover the analysis of the specific attacks, the tools available to defenders and how to enable security teams to detect and prevent these specific attacks in the most efficient manner. The workshop as a whole will help both penetration testers and defensive security professionals to hone their skills and raise the bar on both sides.