Breaching the Perimeter via Cloud Synchronized Browser Settings

Sdílet
Vložit
  • čas přidán 26. 03. 2024
  • Cloud synchronized browser settings provide consistent configurations between devices. A considerable number of these features directly affect the security of the browser. If a cloud-synched browser session is compromised, it is trivial to extract passwords and credit card information, but it can also be leveraged in unexpected ways such as forcing users to browse to malicious URLs. This functionally allows you to bypass the social engineering portion of cracking the perimeter by guaranteeing your malicious links are always clicked. However, that is just the start of the harm that can be done via synchronized browser sessions.
    In this presentation, I will demonstrate novel techniques to leverage these settings to wreak havoc against an internal network, including credential theft, compromising of local data, downloading and executing malicious files, and automatically triggering protocol handlers...
    By: Edward Prior
    Full Abstract and Presentation Materials:
    www.blackhat.com/eu-23/briefi...

Komentáře •

Další v pořadí
Automatické přehrávání
Off The Record - Weaponizing DHCP DNS Dynamic Updates39:50Off The Record - Weaponizing DHCP DNS Dynamic Updates
Off The Record - Weaponizing DHCP DNS Dynamic UpdatesBlack Hat
zhlédnutí 1,6K
Something Rotten in the State of Data Centers40:27Something Rotten in the State of Data Centers
Something Rotten in the State of Data CentersBlack Hat
zhlédnutí 8K
Keynote: Industrialising Cyber Defence in an Asymmetric World41:02Keynote: Industrialising Cyber Defence in an Asymmetric World
Keynote: Industrialising Cyber Defence in an Asymmetric WorldBlack Hat
zhlédnutí 1,1K
LOVE is BLIND but not this one 😍💍00:20LOVE is BLIND but not this one 😍💍
LOVE is BLIND but not this one 😍💍Victoria Pfeifer
zhlédnutí 2,8M
格斗裁判暴力执法!#fighting #shorts00:15格斗裁判暴力执法!#fighting #shorts
格斗裁判暴力执法!#fighting #shorts武林之巅
zhlédnutí 24M
Tohle Rozhodně NEDĚLEJTE..00:42Tohle Rozhodně NEDĚLEJTE..
Tohle Rozhodně NEDĚLEJTE..vitaa
zhlédnutí 95K
Cooking a wild cactus for a delicious meal 🌵 Listen to "SUE DJ - RAM PAM PAM"00:55Cooking a wild cactus for a delicious meal 🌵 Listen to "SUE DJ - RAM PAM PAM"
Cooking a wild cactus for a delicious meal 🌵 Listen to "SUE DJ - RAM PAM PAM"TheSoul Music Family
zhlédnutí 14M
New Techniques for Split-Second DNS Rebinding31:20New Techniques for Split-Second DNS Rebinding
New Techniques for Split-Second DNS RebindingBlack Hat
zhlédnutí 1,3K
Building RAG at 5 different levels24:25Building RAG at 5 different levels
Building RAG at 5 different levelsJake Batsuuri
zhlédnutí 8K
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility44:30The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic AgilityBlack Hat
zhlédnutí 672
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools35:22The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread PoolsBlack Hat
zhlédnutí 1,6K
My Invisible Adversary: Burnout40:39My Invisible Adversary: Burnout
My Invisible Adversary: BurnoutBlack Hat
zhlédnutí 2,5K
Difference between cookies, session and tokens11:53Difference between cookies, session and tokens
Difference between cookies, session and tokensValentin Despa
zhlédnutí 557K
One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials30:14One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials
One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin CredentialsBlack Hat
zhlédnutí 1,2K
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to Enable BCP3828:23A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to Enable BCP38
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to Enable BCP38Black Hat
zhlédnutí 962
AWS Networking Basics For Programmers | Hands On27:14AWS Networking Basics For Programmers | Hands On
AWS Networking Basics For Programmers | Hands OnTravis Media
zhlédnutí 90K
🥋 Puff's Kung Fu stick session: Epic moves, hilarious fails! #PuffTheKungFuCat00:32🥋 Puff's Kung Fu stick session: Epic moves, hilarious fails! #PuffTheKungFuCat
🥋 Puff's Kung Fu stick session: Epic moves, hilarious fails! #PuffTheKungFuCatThat Little Puff
zhlédnutí 23M
TYPY ĽUDÍ V LIETADLE ✈️00:55TYPY ĽUDÍ V LIETADLE ✈️
TYPY ĽUDÍ V LIETADLE ✈️Lady Zika
zhlédnutí 101K
Život se mění ❗️😮‍💨 #komedie #sranda #ekv #shorts00:18Život se mění ❗️😮‍💨 #komedie #sranda #ekv #shorts
Život se mění ❗️😮‍💨 #komedie #sranda #ekv #shortsEmperKingVision
zhlédnutí 396K
Kiedy po ciężkim tygodniu idziesz na imprezę 😂00:20Kiedy po ciężkim tygodniu idziesz na imprezę 😂
Kiedy po ciężkim tygodniu idziesz na imprezę 😂BartoszJagielskiOfficial
zhlédnutí 6M
顔面水槽がブサイク過ぎるwwwww00:58顔面水槽がブサイク過ぎるwwwww
顔面水槽がブサイク過ぎるwwwwwはじめしゃちょー(hajime)
zhlédnutí 98M
CHYBA V LEDOVÉM KRÁLOVSTVÍ! #zajimavosti #frozen00:47CHYBA V LEDOVÉM KRÁLOVSTVÍ! #zajimavosti #frozen
CHYBA V LEDOVÉM KRÁLOVSTVÍ! #zajimavosti #frozenLůk
zhlédnutí 309K
Jan Bendig ft. Vanesa Horáková - TU TU TU (Official video)03:50Jan Bendig ft. Vanesa Horáková - TU TU TU (Official video)
Jan Bendig ft. Vanesa Horáková - TU TU TU (Official video)JanBendigOfficial
zhlédnutí 237K
Sizce Akım Videosu Güzel Olmuş Mu? #cznburak #shorts00:11Sizce Akım Videosu Güzel Olmuş Mu? #cznburak #shorts
Sizce Akım Videosu Güzel Olmuş Mu? #cznburak #shortsCzn Burak
zhlédnutí 12M