Description: Let’s do a magic trick. Take one proxy server, make it fulfill requests through a browser’s communication API. Inject said proxy server into a target’s browser. What happens, you ask? Through this proxy, you transparently inherit your target’s identity on the web and can surf to sites they’ve already authenticated to. Browser Pivoting is a man-in-the-browser attack that gets past two-factor user authentication and other protection measures. This talk will demonstrate browser pivoting, discuss how it works, and speak to how an attacker can inherit identity… when they know the right place to hook in.
Bio: Raphael Mudge is the founder and Principal at Strategic Cyber LLC. His company’s software, Cobalt Strike, helps pen testers and red teams emulate advanced threats.
For More Information please visit : - http://www.derbycon.com
http://www.irongeek.com/i.php?page=videos/derbycon3/mainlist
Tags: securitytube , hacking , hackers , information security , convention , computer security , derbycon-2013 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.