{
  "guid": "import-bd2328a813340989bc",
  "title": "Rootkits in your Web application",
  "subtitle": "Achieving a permanent stealthy compromise of user accounts with XSS and JS injection attacks.",
  "slug": "28c3-4811-en-rootkits_in_your_web_application",
  "link": "http://events.ccc.de/congress/2011/Fahrplan/events/4811.en.html",
  "description": "XSS bugs are the most widely known and commonly occurring Web vulnerability,\nbut their impact has often been limited to cookie theft and/or simple actions,\nsuch as setting malicious email filters, stealing some data, or\nself-propagation via an XSS worm. In this work, I discuss practical approaches\nfor exploiting XSS and other client-side script injection attacks, and introduce\nnovel techniques for maintaining and escalating access within the victim's\nbrowser. In particular, I introduce the concept of _resident XSS_ where\nattacker-supplied code is running in the context of an affected user's main\napplication window and describe its consequences. I also draw analogies between\nsuch persistent Web threats and the traditional rootkit model, including\nsimilarities in the areas of embedding malicious code, maintaining access,\nstealthy communication with a C\u0026C server, and the difficulty of detecting and\nremoving attacker-supplied code.\n",
  "original_language": "eng",
  "persons": ["Artur Janc"],
  "tags": ["28c3", " Hacking"],
  "view_count": 134,
  "promoted": false,
  "date": "2011-12-28T01:00:00.000+01:00",
  "release_date": "2012-01-04T01:00:00.000+01:00",
  "updated_at": "2025-06-23T21:15:09.688+02:00",
  "length": 3382,
  "duration": 3382,
  "thumb_url": "https://static.media.ccc.de/media/congress/2011/28c3-4811-en-rootkits_in_your_web_application_h264.jpg",
  "poster_url": "https://static.media.ccc.de/media/congress/2011/28c3-4811-en-rootkits_in_your_web_application_h264_preview.jpg",
  "timeline_url": "https://static.media.ccc.de/media/congress/2011/import-bd2328a813340989bc-timeline.jpg",
  "thumbnails_url": "https://static.media.ccc.de/media/congress/2011/import-bd2328a813340989bc-thumbnails.vtt",
  "frontend_link": "https://media.ccc.de/v/28c3-4811-en-rootkits_in_your_web_application",
  "url": "https://api.media.ccc.de/public/events/import-bd2328a813340989bc",
  "conference_title": "28C3: behind enemy lines",
  "conference_url": "https://api.media.ccc.de/public/conferences/28c3",
  "related": [
    {"event_id": 31, "event_guid": "import-a05a76991aa031db49", "weight": 1},
    {"event_id": 1166, "event_guid": "import-106c6a69092efb9c66", "weight": 1},
    {"event_id": 1332, "event_guid": "import-35fc7dfee5f7a75c5f", "weight": 1},
    {"event_id": 1530, "event_guid": "import-6fdeaba494d8699165", "weight": 2},
    {"event_id": 1540, "event_guid": "import-bee058f77897330ce0", "weight": 1},
    {"event_id": 1544, "event_guid": "import-9d9c56ae1d5816730b", "weight": 1},
    {"event_id": 1548, "event_guid": "import-c55c543fed3dbc291f", "weight": 2},
    {"event_id": 1568, "event_guid": "import-0f193d0a307fc9b016", "weight": 1},
    {"event_id": 1575, "event_guid": "import-743191fd7e877fb432", "weight": 1},
    {"event_id": 1578, "event_guid": "import-dd7f992024a421b675", "weight": 1},
    {"event_id": 1591, "event_guid": "import-a110a31f1ffd593368", "weight": 1},
    {"event_id": 1604, "event_guid": "import-006ecab1019284581b", "weight": 1},
    {"event_id": 1609, "event_guid": "import-68a1981706215efc82", "weight": 2},
    {"event_id": 1625, "event_guid": "import-d5e915f712036ff928", "weight": 1},
    {"event_id": 1628, "event_guid": "import-974e41c3857176ef9f", "weight": 1},
    {"event_id": 1710, "event_guid": "import-23969f74f61375b2c6", "weight": 1},
    {"event_id": 1726, "event_guid": "w9UU1iDfP18QvWJ5i2VDsg", "weight": 1},
    {"event_id": 1839, "event_guid": "tnCge6rYmFPy9O0KjvtBAQ", "weight": 1},
    {"event_id": 2188, "event_guid": "oBQMMNfX5t-5TBIk3z6pOg", "weight": 1},
    {"event_id": 2199, "event_guid": "MBpSOQzfPD4ky0hqL6B-hg", "weight": 1},
    {"event_id": 2227, "event_guid": "H1GEe9l64eUbo1oZXtLkEg", "weight": 2},
    {"event_id": 2246, "event_guid": "5hkhmuwi5J8ZHMfd5k7veg", "weight": 1},
    {"event_id": 2250, "event_guid": "Q41efHdmmnBkM5G8p6Wf_w", "weight": 1},
    {"event_id": 2257, "event_guid": "rSiFVNguzdBmx13Lb-gobg", "weight": 1},
    {"event_id": 2544, "event_guid": "2cce4d76-619d-4f60-b7e9-28e8ee9d6483", "weight": 1},
    {"event_id": 2925, "event_guid": "e1efc11e-170c-4234-9ac0-4451a6631b01", "weight": 1},
    {"event_id": 2939, "event_guid": "c87fa147-d1f4-4353-82db-c3e5b646884b", "weight": 1},
    {"event_id": 2951, "event_guid": "2e3d2878-e8b0-44cd-aea8-baf52be25ecf", "weight": 1},
    {"event_id": 3093, "event_guid": "1682d8d8-6446-4629-ba26-3a5cd7157c67", "weight": 1},
    {"event_id": 3366, "event_guid": "46647784-a003-5e87-9fcf-881d1c42efb6", "weight": 1},
    {"event_id": 3603, "event_guid": "798573a8-f544-48f0-abaf-ebc405f03f4a", "weight": 1},
    {"event_id": 3607, "event_guid": "64c07cb5-ec19-4972-a2c8-96c0e0df83c6", "weight": 1},
    {"event_id": 3623, "event_guid": "b7e028fa-175f-464d-bc85-adf56e358626", "weight": 1},
    {"event_id": 3633, "event_guid": "530f0400-e4e8-4d99-909d-4cfc8121c0b0", "weight": 1},
    {"event_id": 3640, "event_guid": "700a07e7-a9c4-437b-a4c5-4491b23a9b4a", "weight": 1},
    {"event_id": 3641, "event_guid": "b9ca38ea-fa88-48c4-8083-9415eee93fcb", "weight": 1},
    {"event_id": 3656, "event_guid": "1a6657a2-b6c2-4acc-b8fc-5ec081c0877f", "weight": 1},
    {"event_id": 3671, "event_guid": "4ef69e6a-026f-4b30-888d-af654b220a3d", "weight": 1},
    {"event_id": 3689, "event_guid": "1f7eb981-2819-4824-8f40-4ddde0be7bf3", "weight": 2},
    {"event_id": 3695, "event_guid": "c300b194-2a85-4705-92aa-b4e789882303", "weight": 1},
    {"event_id": 3701, "event_guid": "155a622a-196e-4e05-a262-88f3a7726bbe", "weight": 1},
    {"event_id": 3707, "event_guid": "c19012c9-71de-4272-a6f4-898f5c48b8d9", "weight": 1},
    {"event_id": 3712, "event_guid": "cb23378b-6db0-4e2f-a4c8-f5006a467ca3", "weight": 1},
    {"event_id": 3720, "event_guid": "198bdfe5-24cf-4b2f-9cd5-7522a99b3b4e", "weight": 1},
    {"event_id": 3725, "event_guid": "c4211c94-7cea-457d-9214-7ccf5d7c89cc", "weight": 1},
    {"event_id": 3727, "event_guid": "2aba641b-114d-4dac-866e-533314a3c108", "weight": 1},
    {"event_id": 3733, "event_guid": "855ab830-c6c0-4be7-b84c-31ba78e90e3c", "weight": 1},
    {"event_id": 3739, "event_guid": "61677c86-8d83-4c30-9cf4-f7741e1a8798", "weight": 1},
    {"event_id": 3762, "event_guid": "25e2df7d-5740-4c2f-bc34-986326d606fe", "weight": 2},
    {"event_id": 4267, "event_guid": "e02b1946-a7ce-4779-a4c2-d120a43edd19", "weight": 1},
    {"event_id": 6927, "event_guid": "9463b562-8353-562e-8484-f9cac7749407", "weight": 1}
  ],
  "recordings": [
    {
      "size": 572,
      "length": 3382,
      "mime_type": "audio/ogg",
      "language": "eng",
      "filename": "28c3-4811-en-rootkits_in_your_web_application.ogg",
      "state": "downloaded",
      "folder": "ogg-audio-only",
      "high_quality": true,
      "width": 720,
      "height": 576,
      "updated_at": "2014-05-31T23:45:43.716+02:00",
      "recording_url": "https://cdn.media.ccc.de/congress/2011/ogg-audio-only/28c3-4811-en-rootkits_in_your_web_application.ogg",
      "url": "https://api.media.ccc.de/public/recordings/2973",
      "event_url": "https://api.media.ccc.de/public/events/import-bd2328a813340989bc",
      "conference_url": "https://api.media.ccc.de/public/conferences/28c3"
    },
    {
      "size": 572,
      "length": 3382,
      "mime_type": "video/webm",
      "language": "eng",
      "filename": "28c3-4811-en-rootkits_in_your_web_application.webm",
      "state": "downloaded",
      "folder": "webm",
      "high_quality": true,
      "width": 720,
      "height": 576,
      "updated_at": "2016-01-27T11:03:46.922+01:00",
      "recording_url": "https://cdn.media.ccc.de/congress/2011/webm/28c3-4811-en-rootkits_in_your_web_application.webm",
      "url": "https://api.media.ccc.de/public/recordings/2972",
      "event_url": "https://api.media.ccc.de/public/events/import-bd2328a813340989bc",
      "conference_url": "https://api.media.ccc.de/public/conferences/28c3"
    }
  ]
}