Home > Resources > Whitepapers > Attacking the internal network from the public Internet using a browser as a proxy

Attacking the internal network from the public Internet using a browser as a proxy

March 19, 2019

At Forcepoint we continually seek to improve the protection our products provide. To this end, we often investigate unusual or potentially novel attack techniques. One such recent topic of research has been attacks against localhost and the internal network, launched from the public Internet. Though not a new attack, it is not widely known outside of the security research community that a malicious JavaScript can attack the internal network. Of the limited documentation that exists on this topic, most resources describe it in terms of inter-protocol exploitation [1] [2], whereas our focus is on intra-protocol exploitation.

I'm For Real

Enter your details once to access all our information and resources

Spotlight

Trends & Technologies, Inc

Trends empowers our clients with technology-enabled business services allowing them to transcend. Our wide range of services, solutions, and products – from network infrastructure, virtualization, storage, security, cloud, collaboration, software services, managed services, to business analytics and application development – provide the right tools for our clients to achieve their business goals and thrive in a constantly changing and competitive landscape.

OTHER WHITEPAPERS
news image

Cybersecurity Whitepaper 2018

whitePaper | December 12, 2019

Most of the Small to medium-sized companies are unaware about the ways in which they’re vulnerable. More than 45% mistakenly believe they’re not a viable victim. They are just too small a target in comparison to larger organizations and tend to have a blind eye towards the cyber threats they face, which is in sharp contrast to what attackers think.

Read More
news image

Cybersecurity for Industry

whitePaper | November 24, 2022

This white paper provides an overview of “Cybersecurity for Industry.” It describes the threats and hazards to which industrial automation systems and production plants are exposed and introduces concepts for minimizing these risks and instituting a level of protection that’s acceptable on economic as well as security grounds.

Read More
news image

Network Traffic Analysis (NTA): A Cybersecurity ‘Quick Win’

whitePaper | February 27, 2020

According to research from ESG and the Information Systems Security Association (ISSA), 91% of cybersecurity professionals believe that most organizations are either extremely or somewhat vulnerable to a significant cyber-attack or data breach.1 This level of cyber-risk demands immediate attention and action from CISOs, CIOs, and business executives. As a result, 62% of organizations plan to increase cybersecurity spending in 2020.2 Here’s the problem: Increasing security budgets alone isn’t enough. CISOs need quick and easy wins that can greatly bolster security efficacy and streamline operations without demanding massive projects and vast resources. There is a lot of work ahead. This white paper concludes.

Read More
news image

Setting Security Baselines in Microsoft 365

whitePaper | December 28, 2022

One of the greatest risks you will face in your Microsoft environment is Business Email Compromise. This attack costs organizations around the world millions in losses each year, with no signs of slowing down.

Read More
news image

ZTE Cybersecurity White Paper 2021

whitePaper | October 29, 2021

Telecommunications equipment and systems, as critical infrastructure for a nation, have been widely valued by governments, operators, and users worldwide. Currently, the deployment of 5G has begun. Featuring faster speed, greater network capacity, and ultra-low latency, 5G will redefine the operation of critical infrastructure from the factory floor to the cloud. Its new technologies including Software-Defined Networking (SDN), Network Function Virtualization (NFV), Multi-access Edge Computing (MEC), and network slicing are paving the way for smart cities, remote surgery, autonomous vehicles, and large-scale Internet of Things (IoT) connectivity.

Read More
news image

Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid

whitePaper | October 26, 2022

To address the impacts of climate change, the U.S. electric grid will be undergoing significant changes by integrating clean energy resources such as solar and wind. These efforts will be accelerated with the recent passage of the Infrastructure Investment and Jobs Act1 and the Inflation Reduction Act.

Read More

Cybersecurity Whitepaper 2018

whitePaper | December 12, 2019

Most of the Small to medium-sized companies are unaware about the ways in which they’re vulnerable. More than 45% mistakenly believe they’re not a viable victim. They are just too small a target in comparison to larger organizations and tend to have a blind eye towards the cyber threats they face, which is in sharp contrast to what attackers think.

Read More

Cybersecurity for Industry

whitePaper | November 24, 2022

This white paper provides an overview of “Cybersecurity for Industry.” It describes the threats and hazards to which industrial automation systems and production plants are exposed and introduces concepts for minimizing these risks and instituting a level of protection that’s acceptable on economic as well as security grounds.

Read More

Network Traffic Analysis (NTA): A Cybersecurity ‘Quick Win’

whitePaper | February 27, 2020

According to research from ESG and the Information Systems Security Association (ISSA), 91% of cybersecurity professionals believe that most organizations are either extremely or somewhat vulnerable to a significant cyber-attack or data breach.1 This level of cyber-risk demands immediate attention and action from CISOs, CIOs, and business executives. As a result, 62% of organizations plan to increase cybersecurity spending in 2020.2 Here’s the problem: Increasing security budgets alone isn’t enough. CISOs need quick and easy wins that can greatly bolster security efficacy and streamline operations without demanding massive projects and vast resources. There is a lot of work ahead. This white paper concludes.

Read More

Setting Security Baselines in Microsoft 365

whitePaper | December 28, 2022

One of the greatest risks you will face in your Microsoft environment is Business Email Compromise. This attack costs organizations around the world millions in losses each year, with no signs of slowing down.

Read More

ZTE Cybersecurity White Paper 2021

whitePaper | October 29, 2021

Telecommunications equipment and systems, as critical infrastructure for a nation, have been widely valued by governments, operators, and users worldwide. Currently, the deployment of 5G has begun. Featuring faster speed, greater network capacity, and ultra-low latency, 5G will redefine the operation of critical infrastructure from the factory floor to the cloud. Its new technologies including Software-Defined Networking (SDN), Network Function Virtualization (NFV), Multi-access Edge Computing (MEC), and network slicing are paving the way for smart cities, remote surgery, autonomous vehicles, and large-scale Internet of Things (IoT) connectivity.

Read More

Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid

whitePaper | October 26, 2022

To address the impacts of climate change, the U.S. electric grid will be undergoing significant changes by integrating clean energy resources such as solar and wind. These efforts will be accelerated with the recent passage of the Infrastructure Investment and Jobs Act1 and the Inflation Reduction Act.

Read More
More Whitepapers

Spotlight

Trends & Technologies, Inc

Trends empowers our clients with technology-enabled business services allowing them to transcend. Our wide range of services, solutions, and products – from network infrastructure, virtualization, storage, security, cloud, collaboration, software services, managed services, to business analytics and application development – provide the right tools for our clients to achieve their business goals and thrive in a constantly changing and competitive landscape.

Events

Nordic IT Security Event

Conference