A Journey of Payload Delivery
Offered By: YouTube
Course Description
Overview
Explore payload delivery techniques in this 24-minute conference talk from Derbycon 2018. Delve into the intricacies of sending payloads, understanding different customer types, and implementing inflight detection and payload sampling. Learn about primary goals, including the use of Firefox Send, Web Crypto API, and browser encryption to avoid traffic inspection. Discover strategies to reach payloads from customer networks, minimize attribution, and reduce responses from link inspectors. Examine the weaponization of file-sharing services, Web Preview API, DNS, and TXT records in master-slave operations. Gain insights into Firefox operations and potential defenses against these techniques.
Syllabus
Introduction
What happens when you send a payload
Two types of customers
Inflight detection
Payload sampling
Primary goals
Firefox Send
Web Crypto API
Browser Encryption
Avoid Traffic Inspection
Reach for payload from customer network
Minimize attribution
Minimize response from link inspectors
Weaponize filesharing services
Web Preview API
DNS
Broker
TXT Record
Master Slave
Firefox Operation
Defenses
Conclusion
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network