Explore advanced offensive JavaScript techniques for red teamers and security professionals in this 42-minute conference talk from BSidesSF 2021. Delve into the world of post-exploitation and lateral movement using browser-based attacks, focusing on methods that work quickly before a victim closes a tab. Learn about new JavaScript features that enable sophisticated threat actors to craft payloads targeting internal network vulnerabilities. Discover reconnaissance techniques traditionally used post-malware implant that can now be applied pre-implant from a browser. Examine real-world examples of external payloads targeting internal assets at large companies, and gain insights into the responsible disclosure process for intranet-facing bugs. This updated version of a previously presented talk offers valuable knowledge for red teamers, penetration testers, and anyone interested in advanced web-based attack techniques.
Overview
Syllabus
BSidesSF 2021 - Offensive Javascript Techniques for Red Teamers (Dylan Ayrey • Christian Frichot)
Taught by
Security BSides San Francisco
Related Courses
-
Offensive Javascript Techniques for Red Teamers
-
Offensive Hunting - Using Blue Team Techniques in Red Team Ops
-
Red Teaming a Manufacturing Network - Without Crashing It
-
Red Team Yourself - Thomas Richards
-
Gryffindor Pure JavaScript Covert Exploitation
-
Red Team Techniques for Evading, Bypassing, and Disabling MS Advanced Threat Protection and Advanced Threat Analytics
