Sense of Security consultant Hans-Michael Varbaek will be presenting at Black Hat Europe 2016 on Friday 4th November 2016, with his talk “From XSS to RCE 2.5”.
Hans-Michael will be demonstrating how an attacker can utilise XSS to execute arbitrary code when an administrative user inadvertently triggers a hidden XSS payload.
Custom tools and payloads integrated with Metasploit’s Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from compromised web applications. This version includes cool notifications and new attack vectors!
See the details on the Black Hat Europe 2016 website.