Have you ever performed a spear-phishing attack where you failed to gain access to your target even though you know your target was exploitable to an old browser exploit? Selecting the wrong browser exploit or the wrong callback port for your payload can make for a very sad panda. Well cry no more sad panda- because WhiteLightning solves your exploitation problems! WhiteLightning is a browser exploitation framework that stealthily detects accurate versioning information from an endpoint’s browser and intelligently selects the best browser exploits to gain access to the remote endpoint. WhiteLightning directly interfaces with Metasploit via MSGRPC to accurately start exploits- payloads- and handlers in real-time. Ready for the best part? Using some slick trickery I will show you how to use WhiteLightning and Metasploit together to exploit endpoint browsers all over a single TCP port using valid HTTP requests! Say goodbye to blocked callbacks and unreliable browser exploitation because we’re about to 0wn some targets with WhiteLightning!!!

Back to Derbycon 2014 video list