Dormant DOMination
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore advanced network attack techniques targeting air-gapped systems in this conference talk from BSidesSF 2017. Delve into the concept of "Dormant DOMination," which leverages browser technologies like WebRTC, Web-Workers, and XMLHttpRequest objects to plant JavaScript hooks that monitor network connectivity changes. Learn how these methods can be used to scan local subnets, identify available hosts, and detect listening ports, potentially compromising even air-gapped networks. Examine existing subnet discovery and scanning techniques, persistence methods, and the implications of using dormant JavaScript objects for periodic network scanning. Gain insights into the vulnerabilities of corporate devices connecting to public networks and the limitations of traditional host-health checks in detecting these sophisticated JavaScript-based threats.
Syllabus
BSidesSF 2017 - Dormant DOMination (xntrik)
Taught by
Security BSides San Francisco
Related Courses
HTML5 Apps and GamesWorld Wide Web Consortium (W3C) via edX Vanilla JavaScript: Web Workers
LinkedIn Learning JavaScript: Async
LinkedIn Learning JavaScript on the Go: Async
LinkedIn Learning WebXR Hand Interactions and Real-Time Pose Detection - Ada Rose Cannon
Microsoft via YouTube