Clipboard Attacks

Environment Setup/Error Reporting: https://sts.tools/setup

Browser Clipboard Attacks/Defense ep_3

Talk Scope

  1. Live example of a CSS clipboard attack
    • Can give the attacker remote code execution
  2. Live example of a Javascript clipboard issue
    • Understand how invisible characters in your clipboard can invade your privacy
  3. Learn how clipboard attack mitigations can be bypassed
  4. Learn secure ways of interacting with our clipboard

CSS Attack Ex

CSS Attack Ex (CONT.)

Clipboard APIs: document.execCommand()

Javascript Attack Ex

Clipboard APIs: Clipboard Api

Future JS Clipboard Attacks?

Clipboard Fingerprinting

Mitigations: Zero-width Characters

Mitigations: Terminal Attacks

Mitigations: Terminal Attacks (CONT.)

Other Vectors/Issues

Additional Resources

Discussion

0 comments