Graduate seminar – John Giampa

When

April 14, 2016    
2:00 pm - 3:00 pm

Where

3043 ECpE Building Addition
Coover Hall, Ames, Iowa, 50011

Event Type

Speaker: John Giampa

Title: Browser Hacking Methodology

Advisor: Doug Jacobson

Abstract: The web browser is the de-facto interface for people to access information, launch applications and conduct commerce from their computer. While the browser offers a user-friendly interface for accessing these resources, it also has a large attack surface. The vulnerabilities are based on the type, version and settings of the browser being used. By exploiting the vulnerabilities in the victim’s browser, a hacker can gain control over their computer without the knowledge of the user. Social engineering can be used to lure the victim into initiating the attack.

Attackers can use browser hacking with the goal of identity theft, espionage or gaining unauthorized access to resources. Pen testers can apply these techniques to help organizations identify and fix vulnerabilities within their environment. Government agencies can use browser hacking techniques to help gather terrorist information for homeland security.

The objective of this Creative Component project is to explore browser attacks, and to demonstrate examples within a lab environment. The testing will be conducted on HTML source copied from live websites. I will apply tools, such as BeEF (Browser Exploitation Framework), to launch attacks within this lab environment, and document the results. I will also describe social engineering approaches that can be used to help initiate an attack.
