YoVDO

Game of Chromes - Owning the Web with Zombie Chrome Extensions

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Web Development Courses Cybersecurity Courses Cross-Site Scripting (XSS) Courses Chrome Extensions Courses Command and Control Courses Content Security Policy Courses

Course Description

Overview

Explore a Black Hat conference talk detailing a massive botnet attack orchestrated through malicious Chrome extensions. Delve into the investigation of attack patterns, extension capabilities, and the attackers' objectives in using Wix as a distribution platform. Examine the characteristics of effective bots, command and control structures, and methods to streamline attacks. Analyze specific case studies, including Adobe Acrobat and AVG Web Tuneup extension vulnerabilities, and discuss the role of Content Security Policy in mitigating such threats. Gain insights into the evolving landscape of web-based attacks and defense strategies in this 46-minute presentation by Tomer Cohen.

Syllabus

Intro
Investigating Attack Patterns
Extension Course of Action
The Objective: Use Wix as a distributor to form a botnet
This Magical Bot...
What Makes A Good Bot
What An Extension Can Do
Command & Control
Too Much Work...
How Can We Make It Easier?
Adobe Acrobat extension XSS
Nothing New Here...
Content Security Policy
AVG Web Tuneup extension XSS


Taught by

Black Hat

Related Courses

Complete Website Ethical Hacking and Penetration Testing
Udemy Website Hacking / Penetration Testing
Udemy Bug Bounty - Web Application Penetration Testing B|WAPT
Udemy ASP.NET Core: Security
LinkedIn Learning Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn