YoVDO

Crafting the Next-Generation Man-in-the-Browser Trojan

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, Cybersecurity Courses

Course Description

Overview

Explore the evolution and future of Man-in-the-Browser (MITB) trojans in this 54-minute conference talk from AppSecUSA 2017. Dive into the history of MITB attacks, current client-side defense mechanisms, and the development of next-generation trojans. Learn about advanced capabilities such as HTTP header manipulation, metamorphic JavaScript, and HPKP suicide attacks. Discover strategies to combat sophisticated MITB threats and gain insights into the future of application security. Examine real-world demonstrations and discuss potential countermeasures against evolving cyber threats.

Syllabus

Introduction
What are Man-in-the-Browser attacks
History of JEN
Timba
Trojan Capabilities
Top 10 Trojan Variants
Financial Losses
Content Security Policy
HTTP Public Key Pinning
SSL Transport Security
Headers
Trojan
Starting point
Extensions are dangerous
Requirements
C2 Requirements
Web Requests API
Can you modify the response body
Debugging the browser
Changing the DOM
Architecture
Demos
Testing
Grabber
Dumb Taming
Strategy
Polymorphism
Our thoughts
Other solutions
Realtime monitoring
Final demo
Wrapping up
Conclusion
How easy is it
Traditional approach
Who can be tricked
Extension icons
Missing
Mozilla
CSP in Meta Tags


Taught by

OWASP Foundation
