Offensive Javascript Techniques for Red Teamers

Offered By: Security BSides San Francisco via YouTube

Course Description

Overview

Explore offensive JavaScript techniques for red teamers in this 33-minute conference talk from BSidesSF 2019. Delve into advanced methods for crafting JavaScript payloads that target internal network vulnerabilities with unprecedented speed. Learn about new reconnaissance techniques, traditionally used only after a malware implant is in place, that can now be applied pre-implant to gain a network foothold from a browser. Examine real-world examples of external payloads targeting internal assets at major companies, and understand the process of responsible disclosure for intranet-facing bugs. Topics covered include the Lobster Security Fallacy, browser exploitation limitations, Netflix Singularity, Service Workers, and building an attack portfolio. Gain insight into cutting-edge AppSec strategies that go beyond pre-exploitation and challenge conventional norms in cybersecurity.

Syllabus

Intro
Lobster Security Fallacy
Browser Exploitation
Limitations
Netflix
Singularity
Real-World Examples
GeoCD Example
Bug Bounty Example
Service Workers
Attack Portfolio
Outro


Taught by

Security BSides San Francisco
