WEBCAST: JavaScript Weaponized

Matthew Toussain//

PowerShell is dead… well dying, kind of. JavaScript interpreters on the other hand are everywhere, and they are far from confined to the web browser. Join Matt Toussain as he explores a clandestine toolkit of in and out of browser techniques to accelerate the compromise. By leveraging inherent JavaScript capabilities, security professionals can acquire interactive sessions within a browser, harvest sensitive information against arbitrary origins, and pivot into internal networks. Between the browser and the host, there is ripe potential for catastrophic damage. Combining inherent Windows operating system controls with modern JavaScript implementations like ReactJS and Electron gives us opportunity. It is time to have our cake and hack it too!