YoVDO

Dormant DOMination

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Cybersecurity Courses Javascript Courses WebRTC Courses Web Workers Courses

Course Description

Overview

Explore advanced network attack techniques targeting air-gapped systems in this conference talk from BSidesSF 2017. Delve into the concept of "Dormant DOMination," which leverages browser technologies like WebRTC, Web-Workers, and XMLHttpRequest objects to plant JavaScript hooks that monitor network connectivity changes. Learn how these methods can be used to scan local subnets, identify available hosts, and detect listening ports, potentially compromising even air-gapped networks. Examine existing subnet discovery and scanning techniques, persistence methods, and the implications of using dormant JavaScript objects for periodic network scanning. Gain insights into the vulnerabilities of corporate devices connecting to public networks and the limitations of traditional host-health checks in detecting these sophisticated JavaScript-based threats.

Syllabus

BSidesSF 2017 - Dormant DOMination (xntrik)


Taught by

Security BSides San Francisco

Related Courses

Programming Languages
University of Virginia via Udacity
Building a Basic Website
University of Massachusetts Amherst via Independent
iDESWEB, Introducción al desarrollo web
Miríadax
Web Engineering II: Developing Mobile HTML5 Apps
Technische Hochschule Mittelhessen via iversity
Web Application Architectures
University of New Mexico via Coursera