SecurityTube free vids around 11-12 years ago got me hooked, Vivek you're a legend, always amazing research :)
That's why the answer to this is "Multilayer security", not only traffic to and from browser but also endpoint itself.
yeah seems like getting info through a proxy where they just do file/packet analysis would be relatively easy, as he explains just mask the data and re-assemble it in the browser-pc lol
"we will release an open-source attack toolkit for researchers and red teams to test these attacks on their security solutions and better understand their security exposure."
that's pretty cool
Great talk.
Yes it is simple, you said so yourself. You've elegantly and transparently laid out the fault in secure web gateways. The same could be said for most firewall features as well.
Agreed with your conclusion on the gaps but not the solution. You state that AVs (or EDRs) can't adequately defend this at 2:31.
Do you have reason to suspect that a more capable endpoint protection can't do the same protections you're proposing your browser/extension would?
How far are we from carrierless cellphones?
People code like maniacs, generate lots of bugs, screw up the hierarchy of data and code, or just padding, unfinished code structures, etc. A lot of programs/apps these days are a big messy spaghetti that nobody wants to debug with patience, way too many errors to fix. And nobody talks about this
They don't want to pay for no change to their product
Security is only a concern when something breaks
@PropheticShadeZ Yes, the bottom line first; what a toxic culture
@PropheticShadeZ security is only a concern when you're involved in shady business and you're afraid someone will find what you're hiding or your clients will get the info and be able to sue you into oblivion
29:35 Another approach would be interleaving chunks, e.g. split into N chunks where the first chunk contains bytes whose index is 0 mod N, second with index 1 mod N, etc. Then you guarantee that a single request is not enough context to identify the file.
Where is the open source code?
The SWG lets all these attacks through but what about the client browser itself? Surely some of them could be detected?
That's literally what he's showing during the entire 47 minute talk.
He's proving that it's an architectural issue. That you need to be in the browser (or the browser itself) to defend adequately. His company is building and selling a product as an alternative to SWGs.
And as soon as the assembled malicious file is saved, the EDR quarantines it
I think you are missing the point. There are a lot of things that it can carry ;)
Great talk 👍
21:41 embedded malware with SVG, JS, CSS
Guys, you are trolling the SWG vendors 😂😂😂
When I saw "Vivek Rama..." in the title, I thought "no way Vivek Ramaswamy knows how to hack!!!" 😂😂
❤❤
Unseemly accent
When he says the code is open source, is he just saying the browser.security page is public? Lol
This is kind of industry changing research. 🥸
What are you talking about? People have been doing this for 10+ years.