Application Security, Web Application Security and Penetration Testing
This is a personal blog which represents only my personal views
Thursday, October 30, 2014
Reflected File Download - A New Web Attack Vector
From my Company's Blog:
On October 2014 as part of my talk at the Black Hat Europe 2014 event, I presented a new web attack vector that enables attackers to gain complete control over a victim’s machine by virtually downloading a file from trusted domains. I decided to call this technique Reflected File Download (RFD), as malware can be "downloaded" from highly trusted domains such as Google.com and Bing.com without ever being uploaded...
The full blog post, including links to the WhitePaper and exploit videos is now available:
http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html
Subscribe to:
Posts (Atom)