A Journey of Payload Delivery
Offered By: YouTube
Course Description
Overview
Explore payload delivery techniques in this 24-minute conference talk from Derbycon 2018. Delve into the intricacies of sending payloads, understanding different customer types, and implementing inflight detection and payload sampling. Learn about primary goals, including the use of Firefox Send, Web Crypto API, and browser encryption to avoid traffic inspection. Discover strategies to reach payloads from customer networks, minimize attribution, and reduce responses from link inspectors. Examine the weaponization of file-sharing services, Web Preview API, DNS, and TXT records in master-slave operations. Gain insights into Firefox operations and potential defenses against these techniques.
Syllabus
Introduction
What happens when you send a payload
Two types of customers
Inflight detection
Payload sampling
Primary goals
Firefox Send
Web Crypto API
Browser Encryption
Avoid Traffic Inspection
Reach for payload from customer network
Minimize attribution
Minimize response from link inspectors
Weaponize filesharing services
Web Preview API
DNS
Broker
TXT Record
Master Slave
Firefox Operation
Defenses
Conclusion
Related Courses
Network SecurityGeorgia Institute of Technology via Udacity Proactive Computer Security
University of Colorado System via Coursera Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Hacker101
HackerOne via Independent CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent