Attacking the internal network from the public Internet using a browser as a proxy

March 19, 2019

At Forcepoint we continually seek to improve the protection our products provide. To this end, we often investigate unusual or potentially novel attack techniques. One recent topic of research has been attacks against localhost and the internal network, launched from the public Internet. Though the attack is not new, it is not widely known outside of the security research community that malicious JavaScript can attack the internal network. Of the limited documentation that exists on this topic, most resources describe it in terms of inter-protocol exploitation [1] [2], whereas our focus is on intra-protocol exploitation.


