How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend. Samy Kamkar firstname.lastname@example.org http://samy.pl Twitter: @SamyKamkar Who is samy? "Narcissistic Vulnerability Pimp" (aka Security Researcher for fun)
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
How I Met Your Girlfriend:
The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend.
(aka Security Researcher for fun)
20 bits = 1,048,576 cookies
* Thanks to Arshan Dabirsiaghi and Amit Klein for pointing me in the right direction
This is your network.
This is your network on drugs.
Cross-Protocol Scripting (XPS) and NAT Pinning: Introduction
PRIVMSG samy :DCC CHAT samy IP port
if port == 6667 … but
72203 != 6667
* Webkit integer overflow discovered by Goatse Security
A gentleman never asks.
A lady never tells.
Samy, you were so amazing! Can I make you a sandwich?
NAT Pinning: samy.pl/natpin
Geolocation via XSS: samy.pl/mapxss
HTML5 anti-WAF XSS: namb.la/maht5
* No IRC channels were trolled in the making of this presentation.