YoVDO

Dormant DOMination

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Cybersecurity Courses Javascript Courses WebRTC Courses Web Workers Courses

Course Description

Overview

Explore advanced network attack techniques targeting air-gapped systems in this conference talk from BSidesSF 2017. Delve into the concept of "Dormant DOMination," which leverages browser technologies like WebRTC, Web-Workers, and XMLHttpRequest objects to plant JavaScript hooks that monitor network connectivity changes. Learn how these methods can be used to scan local subnets, identify available hosts, and detect listening ports, potentially compromising even air-gapped networks. Examine existing subnet discovery and scanning techniques, persistence methods, and the implications of using dormant JavaScript objects for periodic network scanning. Gain insights into the vulnerabilities of corporate devices connecting to public networks and the limitations of traditional host-health checks in detecting these sophisticated JavaScript-based threats.

Syllabus

BSidesSF 2017 - Dormant DOMination (xntrik)


Taught by

Security BSides San Francisco

Related Courses

HTML5 Apps and Games
World Wide Web Consortium (W3C) via edX
Vanilla JavaScript: Web Workers
LinkedIn Learning
JavaScript: Async
LinkedIn Learning
JavaScript on the Go: Async
LinkedIn Learning
WebXR Hand Interactions and Real-Time Pose Detection - Ada Rose Cannon
Microsoft via YouTube