Overview
Explore advanced offensive JavaScript techniques for red teamers and security professionals in this 42-minute conference talk from BSidesSF 2021. Delve into the world of post-exploitation and lateral movement using browser-based attacks, focusing on methods that work quickly before a victim closes a tab. Learn about new JavaScript features that enable sophisticated threat actors to craft payloads targeting internal network vulnerabilities. Discover reconnaissance techniques that were traditionally performed after a malware implant was in place and can now be applied from a browser before any implant exists. Examine real-world examples of external payloads targeting internal assets at large companies, and gain insights into the responsible disclosure process for intranet-facing bugs. This updated version of a previously presented talk offers valuable knowledge for red teamers, penetration testers, and anyone interested in advanced web-based attack techniques.
Syllabus
BSidesSF 2021 - Offensive Javascript Techniques for Red Teamers (Dylan Ayrey • Christian Frichot)
Taught by
Security BSides San Francisco