Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore advanced offensive JavaScript techniques for red teamers and security professionals in this 42-minute conference talk from BSidesSF 2021. Delve into the world of post-exploitation and lateral movement using browser-based attacks, focusing on methods that work quickly before a victim closes a tab. Learn about new JavaScript features that enable sophisticated threat actors to craft payloads targeting internal network vulnerabilities. Discover reconnaissance techniques traditionally used post-malware implant that can now be applied pre-implant from a browser. Examine real-world examples of external payloads targeting internal assets at large companies, and gain insights into the responsible disclosure process for intranet-facing bugs. This updated version of a previously presented talk offers valuable knowledge for red teamers, penetration testers, and anyone interested in advanced web-based attack techniques.
