Explore advanced browser-based Intranet attacks and blended threats in this Black Hat USA 2012 conference talk. Delve into the evolution of Web browser exploits since 2006, focusing on how HTML5 and modern technologies have overcome previous limitations. Learn about state-of-the-art JavaScript-based attacks that require minimal user interaction and complete the entire exploit attack cycle. Discover techniques for enumeration, discovery, and escalation of attacks into embedded network devices, ultimately leading to mass-scale permanent compromise. Examine the vulnerabilities of home broadband routers and SOHO devices in enterprise environments. Gain insights into network scanning methods, authentication exploits, firmware modification, and post-exploitation strategies for achieving persistence. Understand the potential worst-case scenarios and implications of these advanced attack methodologies for network security.
Blended Threats and JavaScript - A Plan for Permanent Network Compromise
Overview
Syllabus
Intro
Traditional Browser- Based Attacks
Traditional Network Exploitation
Blended Threats
Why Attack Network Devices?
SOHO Routers in the Enterprise
What Would Be the Worst Case Scenario?
Deployment
Network Scanning, the
Making Network Scanning Better
Limitations of JavaScript Based Network Scanning
Authentication
Basic Auth Brute Force
Modifying Firmware
Steps to deploy firmware
Post-Exploitation
Persistence
Cons
Overview
Taught by
Black Hat
