Infiltrating internal networks by luring people into visiting malicious websites is a technique attackers still use. However, as modern browsers are patched automatically and endpoint protection improves, depending on either a browser 0-day or on the victim clicking and deploying malware on their machine narrows the attacker's opportunities. But did you ever wonder how someone could obtain access to an internal network by relying only on the victim's browser as the main weapon?
In this talk, we propose an attack concept that opens a whole new attack surface for infiltrating internal networks. The attack works even on the latest patched browsers and without deploying any malware. By combining and advancing existing JavaScript reconnaissance techniques and DNS rebinding attacks, internal applications can be exposed to the outside world while the attack goes unnoticed.
We will explain how going from theory to practice requires overcoming several limitations of the current DNS rebinding attack. We will walk through the steps of evolving the current possibilities into establishing a full tunnel to internal network applications, and tackle the challenges of handling all HTTP methods, proxying authentication, and downloading binaries through the tunnel.
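The two standard defences against the DNS rebinding step the talk builds on, as an added example that is not code from the talk, its authors or Scorpiones: a resolver-side filter that drops answers that point an external name into private address space (the behaviour of dnsmasq's --stop-dns-rebind), and a Host-header allowlist that an internal application can enforce, since after rebinding the browser still sends the attacker's hostname in the Host header. The names (attacker.example, corp.example, intranet.corp.example) and addresses are constructed for the example.

```python
import ipaddress
from typing import Iterable, List

# Address ranges that a public (external) hostname should never resolve to.
# An answer for such a name that falls into one of these ranges is the
# tell-tale sign of a DNS rebinding attempt.
_NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_non_public(ip: str) -> bool:
    """True if ip lies in loopback, link-local or private address space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _NON_PUBLIC_NETS)


def filter_rebinding_answers(qname: str, answers: Iterable[str],
                             internal_zones: Iterable[str] = ()) -> List[str]:
    """Resolver-side protection: return only the answers for qname that a
    client may use. Names under an internal zone (e.g. corp.example, an
    assumed zone) may legitimately resolve to private space; any other name
    that resolves to private space has its private answers dropped."""
    name = qname.rstrip(".").lower()
    zones = [z.rstrip(".").lower() for z in internal_zones]
    if any(name == z or name.endswith("." + z) for z in zones):
        return list(answers)
    return [a for a in answers if not is_non_public(a)]


def _normalise_host(host_header: str) -> str:
    """Strip an optional port and IPv6 brackets from a Host header value."""
    host = host_header.strip().lower()
    if host.startswith("["):                      # IPv6 literal, e.g. [::1]:8080
        return host[1:host.index("]")]
    # Exactly one colon means "name:port"; more means a bare IPv6 literal.
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def host_header_allowed(host_header: str, allowed_hosts: Iterable[str]) -> bool:
    """Application-side protection: accept the request only if the Host header
    names this service. A rebound request still carries the attacker's
    hostname, so it fails this check and is refused."""
    host = _normalise_host(host_header)
    return bool(host) and host in {h.lower() for h in allowed_hosts}


class HostCheckMiddleware:
    """Minimal WSGI middleware that answers 421 Misdirected Request when the
    Host header is not on the allowlist (hypothetical helper, not a library)."""

    def __init__(self, app, allowed_hosts: Iterable[str]):
        self.app = app
        self.allowed_hosts = list(allowed_hosts)

    def __call__(self, environ, start_response):
        if not host_header_allowed(environ.get("HTTP_HOST", ""), self.allowed_hosts):
            start_response("421 Misdirected Request",
                           [("Content-Type", "text/plain")])
            return [b"host header not recognised\n"]
        return self.app(environ, start_response)


if __name__ == "__main__":
    # Constructed answers: a public address plus a rebound private one.
    print(filter_rebinding_answers("attacker.example",
                                   ["93.184.216.34", "192.168.1.10"]))
    print(host_header_allowed("attacker.example", ["intranet.corp.example"]))
```

The resolver filter stops the rebind at the first hop for every client behind that resolver; the Host check protects a single application regardless of which resolver the victim's browser used, so the two are complementary rather than alternatives.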
Nimrod Levy is a seasoned security researcher with over a decade of experience in web application penetration testing and infrastructure attack simulations (i.e. Red Team). Nimrod is the CTO and co-founder of Scorpiones, a cyber security company which, among other things, illustrates potential attack vector routes for its clients and recommends how to mitigate them. Nimrod enjoys giving back to the community, so the security tools he writes in his free time are available as open-source projects.
Nick is an undergraduate at Middlebury College and a computer science major focusing on computer systems. He first became interested in computer security after the disclosure of the Spectre and Meltdown hardware vulnerabilities last year. He has an interest in assembly programming and compilers, and ROPC is a natural combination of these two.