Nytro Posted October 1, 2014 Report Posted October 1, 2014 Exploiting Browsers Like A Boss w/ WhiteLightning! Bryce KunzDerbycon 2014 Have you ever performed a spear-phishing attack where you failed to gain access to your target even though you know your target was exploitable to an old browser exploit? Selecting the wrong browser exploit or the wrong callback port for your payload can make for a very sad panda. Well cry no more sad panda- because WhiteLightning solves your exploitation problems! WhiteLightning is a browser exploitation frame - work that stealthily detects accurate versioning information from an endpoint’s browser and intelligently selects the best browser exploits to gain access to the remote endpoint. WhiteLightning directly interfaces with Metasploit via MS - GRPC to accurately start exploits- payloads- and handlers in real-time. Ready for the best part? Using some slick trickery I will show you how to use WhiteLightning and Metasploit together to exploit endpoint browsers all over a single TCP port using valid HTTP requests! Say goodbye to blocked callbacks and unreliable browser exploitation because we’re about to 0wn some targets with WhiteLightning!!! Via: Exploiting Browsers Like A Boss w/ WhiteLightning! - Bryce Kunz Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos) Quote
