This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 27 • 18:00 - 19:00
Scraping leaky browsers for fun and passwords

Sign up or log in to save this to your schedule and see who's attending!

One of the most commonly used applications on desktop systems are web browsers. We identified that the latest versions of Microsoft Internet Explorer Edge, Google Chrome and Mozilla Firefox all contain vulnerabilities with regards to memory management of sensitive data. Concretely, they keep clear-text credentials in memory long after they have been entered and the designated tab is closed, allowing an adversary to recover this sensitive data as long as the web browser is running. This could prove very useful in certain forensic investigations, or be abused by an attacker to stealthily harvest website credentials without the need to install additional malware (e.g. a keylogger).

As a Proof-of-Concept for the vendors, we have implemented a Volatility Framework Plugin that allows to harvest website credentials from a memory dump. This plugin will be open-sourced after this talk. Additionally, we will share the response of the three vendors on our PoC.


Adrian Toma

Adrian Toma is a Romanian living in Belgium. He has a passion for Informatics, holds a Bachelor Degree in industrial systems and is following evening courses for a Second Bachelor Degree in Networks and Systems Security. At this moment he's working as Consultant in .NET development.

Stefaan Truijen

Stefaan Truijen holds a Master Degree in Computer Science with specialization in secure software. His thesis was on scraping the RAM memory of web browsers. Currently, he is employed as a junior security consultant at Planet-Talent.

Thursday October 27, 2016 18:00 - 19:00
01. Westvleteren University

Attendees (160)