Overview
Explore a comprehensive analysis of one of the largest cryptojacking attacks in history, affecting over 5,000 websites including government sites worldwide. Delve into the discovery and investigation process, examine the poor remediation efforts by governments, and learn effective strategies to protect your website from similar ongoing threats. Gain insights into the potential dangers of malicious JavaScript injection, understand the importance of subresource integrity and content security policies, and discover the anatomy of Magecart attacks. Equip yourself with essential knowledge to enhance your cybersecurity practices and safeguard against evolving digital threats in this informative conference talk by security researcher Scott Helme.
Syllabus
Intro
Beginning
Coinhive
Investigation
Malicious JavaScript
http://scotthel.me/gov-crypto-dork
TV episode
Subresource integrity
Benefits
Drawbacks
Content security policy
Violation report
Magecart
Notable Magecart attacks
Taxonomy of an attack
Outro
Taught by
GOTO Conferences