Breaching the Perimeter via Cloud Synchronized Browser Settings

Explore a 34-minute Black Hat conference talk that delves into the security vulnerabilities of cloud-synchronized browser settings. Discover how compromised browser sessions can be exploited to extract sensitive information like passwords and credit card details, and learn about unexpected attack vectors such as forcing users to visit malicious URLs. Examine novel techniques for leveraging these settings to compromise internal networks, including credential theft, local data breaches, malicious file execution, and automatic triggering of protocol handlers. Gain insights into the potential risks associated with consistent browser configurations across devices and understand the implications for perimeter security in modern computing environments.