You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Objective<br />
Determine if it is possible as client to trigger unwanted behaviour<br />
Can we open arbitrary pinholes through a firewall?<br />
Can we open more ports on a server?<br />
Can we access to badly protected service ?<br />
Such as an internal database<br />
Such as vulnerable services<br />
Study of helpers has shown that it is not possible out of the box<br />
Client capabilities are always limited.<br />
Dangerous extensions have been blocked.<br />
An alternative approach should be found.<br />
Éric Leblond, Victor Julien (OISF) <strong>The</strong> <strong>menace</strong> <strong>came</strong> <strong>from</strong> <strong>below</strong> <strong>Hack</strong>.<strong>lu</strong> 2012 19 / 66