Explore the dark potential of online advertising networks in this eye-opening Black Hat USA 2013 conference talk. Discover how hackers can exploit legitimate ad distribution services to create massive browser botnets for pennies. Learn about the alarming capabilities of these instant javascript-driven networks, including DDoS attacks, spam campaigns, and password cracking. Examine the use of HTML5 and javascript to commandeer browsers without leaving traces, leveraging techniques like Cross-Site Request Forgery. Understand why traditional scaling methods fall short compared to this new approach. Gain insights into the simplicity, invisibility, and unprecedented scale of this attack vector, which allows malicious actors to run javascript on countless browsers simultaneously. Delve into the implications of this vulnerability and why there is no easy fix, as it exploits core functionalities of the web.
Overview
Syllabus
Black Hat USA 2013 - Million Browser Botnet
Taught by
Black Hat