No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
attack-dropbox
attack-openstack
attack-play
README.md

README.md

Web-Local-Attacks

Videos and POC for Web/Local attacks

================================================================================


Authors

The Web/Local attacks are designed by Yaoqi Jia, Zheng Leong Chua, Hong Hu, Shuo Chen, Prateek Saxena and Zhenkai Liang.


Videos

Videos for our attacks are available at https://youtu.be/fIHaiQ4btok.

Demo: Dropbox. https://youtu.be/P-oX0wEasz4.

Demo: FILE Scheme. https://youtu.be/IPWJzzpvJdA.

Demo: Google Play. https://youtu.be/nKyvCo5cn6c.

Demo: VNC. https://youtu.be/dYSTxmNVgxI.


VM for Chrome 33

Our POC works for Chrome 33. We'll provide a link for the VM of this version soon.


Disclaimer

The code is a research-quality proof of concept, and is still under development for more features and bug-fixing.


References

[jiaweb] [ The ``Web/Local'' Boundary Is Fuzzy: A Security Study of Chrome’s Process-based Sandboxing ] (http://www.comp.nus.edu.sg/~jiayaoqi/publications/chrome_ccs.pdf)
Yaoqi Jia, Zheng Leong Chua, Hong Hu, Shuo Chen, Prateek Saxena and Zhenkai Liang.
In the 23rd ACM Conference on Computer and Communications Security ( CCS 2016 )