Категории

HostSplit: Exploitable Antipatterns in Unicode Normalization

Опубликовано: 06 Октябрь 2024
на канале: Black Hat
1,757
65

This talk demonstrates new exploit techniques that leverage Unicode normalization behavior to bypass URL security filters and, in some cases, allow one domain to impersonate another. Where previous attacks against internationalized domain names relied on visual spoofing, these attacks fool software with URL strings that are parsed as belonging to one hostname but resolved as belonging to a different host name.

By Jonathan Birch

Full Abstract & Presentation Materials: https://www.blackhat.com/us-19/briefi...

play_arrow
177,221
1.2 тыс

The Who - Be Lucky (Official Audio)

The Who - Be Lucky (Official Audio)
play_arrow
11,033
222

Кулич из Венского теста - результат получаеться с первого раза. Замес теста

Кулич из Венского теста - результат получаеться с первого раза. Замес теста
play_arrow
51,170
208

All You Need to Know About Pakistan’s HQ-9 Air Defence System

All You Need to Know About Pakistan’s HQ-9 Air Defence System
play_arrow
71
4

Как создать простой сайт/лендинга на Tilda на один экран без опыта и знаний. Часть 2.

Как создать простой сайт/лендинга на Tilda на один экран без опыта и знаний. Часть 2.
play_arrow
63
2

Python Built-In Modules: Math, OS, and Datetime Explained with Code Examples

Python Built-In Modules: Math, OS, and Datetime Explained with Code Examples
play_arrow
26
3

Hand Simulator Episode 1 – The Derp Hands

Hand Simulator Episode 1 – The Derp Hands
play_arrow
17,779
299

Telegram channel link not working problem fix🔥 || How to fix telegram channel link not open error!

Telegram channel link not working problem fix🔥 || How to fix telegram channel link not open error!
play_arrow
1,368
45

Jetta из США за 2 недели?

Jetta из США за 2 недели?
Похожие видео
play_arrow
Keynote - Securing Our Cyberspace Together

Keynote - Securing Our Cyberspace Together
play_arrow
Fireside Chat: Jeff Moss and Ruimin He

Fireside Chat: Jeff Moss and Ruimin He
play_arrow
LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
play_arrow
Emerging Frontiers: Insights from the Black Hat Asia Review Board

Emerging Frontiers: Insights from the Black Hat Asia Review Board
play_arrow
What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned
play_arrow
The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition

The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition
play_arrow
Privacy Detective: Sniffing Out Your Data Leaks for Android

Privacy Detective: Sniffing Out Your Data Leaks for Android
play_arrow
Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs

Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs
play_arrow
The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms

The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms
play_arrow
One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks

One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
play_arrow
Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments

Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments
play_arrow
You Shall Not PASS - Analysing a NSO iOS Spyware Sample

You Shall Not PASS - Analysing a NSO iOS Spyware Sample