Reflected File Download: a new web attack vector

[Axon]

http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html

Just by downloading a file from a trusted domain, attackers can gain full control over your machine. So,this means no more RAT's?

[2d8]

User have to follow the link and run by himself downloaded file, in order to execute malicious script.
Just a new way to install dropper on user's host, or RAT if it's better option for you.

[Nortcele]

http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html

Just by downloading a file from a trusted domain, attackers can gain full control over your machine. So,this means no more RAT's?

Another fucking reason why we are never safe...

[M1lak0]

Another fucking reason why we are never safe...

Haha true that..

[Nortcele]

Haha true that..

We are just basically fucked.

[M1lak0]

We are just basically fucked.

We? Dude we can fuck them too..
We hackers fuck them..

[Nortcele]

Yeah but still, we are allllll rapeddd

[Killordie]

I hate to necro my own post (not really), but all this and more is here: https://evilzone.org/hacking-and-security/blackhat-2014-%28europe%29/

[Axon]

I hate to necro my own post (not really), but all this and more is here: https://evilzone.org/hacking-and-security/blackhat-2014-%28europe%29/

Thank you for the input, never seen your original thread. Nonetheless, here a practical exploitation of RFD with JSONP.
http://blog.davidvassallo.me/2014/11/02/practical-reflected-file-download-and-jsonp/