Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token.

Multiple ways of delivering exploit code to a browser exist (i.e., Drive-by Target), including:

- A legitimate website is compromised where adversaries have injected some form of malicious code such as JavaScript, iFrames, and cross-site scripting.
- Script files served to a legitimate website from a publicly writeable cloud storage bucket are modified by an adversary.
- Malicious ads are paid for and served through legitimate ad providers (i.e., Malvertising).
- Built-in web application interfaces are leveraged for the insertion of any other kind of object that can be used to display web content or contain a script that executes on the visiting client (e.g., forum posts, comments, and other user controllable web content).

Often the website used by an adversary is one visited by a specific community, such as government, a particular industry, or region, where the goal is to compromise a specific user or set of users based on a shared interest. This kind of targeted campaign is often referred to as a strategic web compromise or watering hole attack. There are several known examples of this occurring.

A user visits a website that is used to host the adversary-controlled content. Scripts automatically execute, typically searching versions of the browser and plugins for a potentially vulnerable version.
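A defender-side check for the delivery paths listed above, as an added example that is not part of the original page: it audits a page's cross-origin `<script>` and `<iframe>` includes and uses Subresource Integrity hashes to notice when a script served from third-party storage has changed. The function names, origins and sample HTML are constructed for illustration, and tag parsing is simplified to a regex.

```javascript
// Added example: names, origins and sample data below are constructed.
const { createHash } = require("node:crypto");

// SRI value ("sha384-<base64>") as used in an integrity="" attribute.
function sriHash(body) {
  return "sha384-" + createHash("sha384").update(body).digest("base64");
}

// Quoted attributes of one tag as a lower-cased map (simplified parsing).
function attrs(tag) {
  const out = {};
  for (const m of tag.matchAll(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g))
    out[m[1].toLowerCase()] = m[2] ?? m[3];
  return out;
}

// Findings for cross-origin <script src> / <iframe src> elements in html.
// allowed: origins the site owner expects; fetched: URL -> body as served now.
function auditIncludes(html, pageUrl, allowed, fetched) {
  const findings = [];
  for (const m of html.matchAll(/<(script|iframe)\b[^>]*>/gi)) {
    const kind = m[1].toLowerCase(), a = attrs(m[0]);
    if (!a.src) continue;
    const url = new URL(a.src, pageUrl);
    if (url.origin === new URL(pageUrl).origin) continue;
    let issue = null;
    if (!allowed.includes(url.origin)) issue = "unexpected-origin";
    else if (kind === "script" && !a.integrity) issue = "missing-integrity";
    else if (kind === "script" && url.href in fetched &&
             !a.integrity.split(/\s+/).includes(sriHash(fetched[url.href])))
      issue = "integrity-mismatch";
    if (issue) findings.push({ kind, src: url.href, issue });
  }
  return findings;
}

// Constructed sample: a site pinning a widget hosted in a storage bucket.
const PAGE_URL = "https://www.site.example/index.html";
const ALLOWED = ["https://bucket.storage.example", "https://cdn.example"];
const GOOD = "console.log('widget v1');";
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script src="https://bucket.storage.example/widget.js" integrity="${sriHash(GOOD)}"></script>
<script src="https://cdn.example/lib.js"></script>
<iframe src="https://unknown.example/frame" width="0" height="0"></iframe>`;
// The bucket object as fetched now differs from what was pinned.
const FETCHED = { "https://bucket.storage.example/widget.js": GOOD + "/* changed */" };

console.log(auditIncludes(SAMPLE_HTML, PAGE_URL, ALLOWED, FETCHED));
```

A browser enforcing the `integrity` attribute would refuse to run the changed bucket script; the audit surfaces the same mismatch, plus includes that carry no pin at all.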