YoVDO

Dormant DOMination

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Cybersecurity Courses Javascript Courses WebRTC Courses Web Workers Courses

Course Description

Overview

Explore advanced network attack techniques targeting air-gapped systems in this conference talk from BSidesSF 2017. Delve into the concept of "Dormant DOMination," which leverages browser technologies like WebRTC, Web-Workers, and XMLHttpRequest objects to plant JavaScript hooks that monitor network connectivity changes. Learn how these methods can be used to scan local subnets, identify available hosts, and detect listening ports, potentially compromising even air-gapped networks. Examine existing subnet discovery and scanning techniques, persistence methods, and the implications of using dormant JavaScript objects for periodic network scanning. Gain insights into the vulnerabilities of corporate devices connecting to public networks and the limitations of traditional host-health checks in detecting these sophisticated JavaScript-based threats.

Syllabus

BSidesSF 2017 - Dormant DOMination (xntrik)


Taught by

Security BSides San Francisco

Related Courses

Early Detection through Deception
YouTube
Hack for Show, Report for Dough - Brian King
YouTube
Blue Teamin on a Budget of Zero - Kyle Bubp
YouTube
Windows Event Logs - Zero to Hero
YouTube
Weaponizing Splunk - Using Blue Team Tools for Evil
YouTube