WEBCAST: JavaScript Weaponized

Matthew Toussain //

PowerShell is dead… well dying, kind of. JavaScript interpreters, on the other hand, are everywhere, and they are far from confined to the web browser. Join Matt Toussain as he explores a clandestine toolkit of in and out of browser techniques to accelerate the compromise. By leveraging inherent JavaScript capabilities, security professionals can acquire interactive sessions within a browser, harvest sensitive information against arbitrary origins, and pivot into internal networks. Between the browser and the host, there is ripe potential for catastrophic damage. Combining inherent Windows operating system controls with modern JavaScript implementations like ReactJS and Electron gives us the opportunity. It is time to have our cake and hack it too!  Visit http://prismatica.io/ to see more about this tool (may still be in development).



Ready to learn more?

Level up your skills with affordable classes from Antisyphon!

Pay-What-You-Can Training

Available live/virtual and on-demand