
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


Browser Exploits? Grab Them by The… Collar!

Debasish Mandal


APT has become a hot topic in enterprise IT today. One of the pieces of software that we most often see fall victim to APT attacks is the web browser, and its attack surface is becoming bigger and bigger every day.

TCP Live Stream Injection (https://en.wikipedia.org/wiki/Packet_injection) is a technique that we have seen abused by various Internet Service Providers and router vendors for decades. In the past, ISPs and router vendors have used this technique to intercept HTTP traffic and silently inject arbitrary data into HTTP responses. This is usually done by injecting arbitrary JavaScript code into the actual HTTP response body in real time. When the injected JavaScript code reaches the client browser, it performs various operations such as loading advertisements, gathering information, etc.

This paper presents a generic browser exploit detection technique that uses the same Live Network Stream Code Injection technique to reliably catch browser exploits. The detection system can be considered completely agentless and is capable of detecting various techniques used in modern browser exploitation. Unlike any other Host Based Intrusion Prevention System, it requires no OS API hooking, DLL injection or code injection in the browser process to generically detect and block browser exploits.

About Debasish Mandal

Debasish Mandal is a security researcher currently working in the Intel Security (McAfee) IPS Vulnerability Research Team. He has been working in the information security industry for the past 5 years. The first few years of his career were mostly focused on penetration testing of different web applications and networks. For the last two years at Intel Security, his primary focus has shifted to vulnerability research, where he spends most of his time reverse engineering different vulnerabilities, exploits and attack techniques, and writing detection logic for them. Besides doing research, he's passionate about security bug hunting (fuzzing), programming and technical blog writing.

Some of his work can be found at http://www.debasish.in/ and https://securingtomorrow.mcafee.com/author/debasish-mandal/