<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
So over the past few months we've been writing up an exploit for
SILICA that we think will make a big impact on our users. It's an
Android vulnerability, and some background on it is below. But we've
also been videoing various parts of how this exploit comes together.
One thing we always ask people to do at <a
href="http://www.infiltratecon.com/">INFILTRATE</a> is to show
some of the things they tried that failed - but most people can't
really even remember their process, let alone document it for the
viewers. <br>
<br>
And, of course, popular media implies you can write remote exploits
with <a href="http://www.youtube.com/watch?v=zfy5dFhw3ik">a gun to
your head</a> in sixty seconds or less.<br>
<br>
So we decided to change that. Each video is a small snapshot of how
this exploit comes together bit by bit. It's interesting if you want
to know more about the exploit, of course, but it's also interesting
if you want to learn about the kind of work and process that goes
into an exploit of this nature. These are unedited videos (as you
can tell) and sometimes you'll have to turn your sound all the way
up to hear Mark, but I promise it is worth it. Deep down, the
vulnerability is just the beginning, as anyone who has written an
exploit can tell you.<br>
<br>
Background:<br>
<a class="moz-txt-link-freetext" href="https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/">https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/</a><br>
<br>
Initial vulnerability exploration and optimism:<br>
Swordfish 0 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=yUx3RsTud1Q">http://www.youtube.com/watch?v=yUx3RsTud1Q</a><br>
Swordfish 0.5 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=qpaOQK6VjLg">http://www.youtube.com/watch?v=qpaOQK6VjLg</a><br>
Swordfish 1 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=37jseVURfNA">http://www.youtube.com/watch?v=37jseVURfNA</a><br>
Swordfish 2 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=kpsudceBElc">http://www.youtube.com/watch?v=kpsudceBElc</a><br>
Swordfish 2.5 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=TAxrrsJPUqw">http://www.youtube.com/watch?v=TAxrrsJPUqw</a><br>
<br>
Trying to make the exploit universal (against all vulnerable apps)
so it has a hope of working IRL:<br>
Swordfish 3 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=VEkXSy7YGLo">http://www.youtube.com/watch?v=VEkXSy7YGLo</a><br>
Swordfish 4 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=83h8AHBPP_s">http://www.youtube.com/watch?v=83h8AHBPP_s</a><br>
<br>
Just basically running into unseen issues:<br>
Swordfish 5 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=8PnNX7XyE8c">http://www.youtube.com/watch?v=8PnNX7XyE8c</a><br>
<br>
Solving some of these issues, but running into more issues trying to
get it to work on all Android versions:<br>
(this one is longer than most - turn your sound up as it's a phone
video unfortunately)<br>
Swordfish 6 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=TNNtFCl-NEI">http://www.youtube.com/watch?v=TNNtFCl-NEI</a><br>
<br>
A brief interlude:<br>
Swordfish 7 part 1 - <a class="moz-txt-link-freetext" href="http://www.youtube.com/watch?v=xaPd1DK8-ws">http://www.youtube.com/watch?v=xaPd1DK8-ws</a><br>
<br>
There are more, of course. . . if you sign up to INFILTRATE we will
send them to you. :><br>
<br>
-dave<br>
</body>
</html>