Presentation: Out of the Browser Into the Fire



4:10pm - 5:00pm





Authors: Shubs Shah, Matt Bryant, and Joe DeMesy

The evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone client-side containers, all the while security has remained an afterthought. In this talk we will demonstrate a new class of attacks that can be leveraged to exploit critical vulnerabilities in popular desktop applications implemented using embedded web technologies. We'll demonstrate leveraging XSS in native desktop applications to exfiltrate sensitive files, create messaging worms that can infect an entire organization, and gain arbitrary native code execution, all without the need to bypass DEP, ASLR and other modern operating system protections.

Speaker: Joe DeMesy

Security Associate @BishopFox

I like computers.




Conference for Professional Software Developers