Attacking the internal network from the public Internet using a browser as a proxy

March 19, 2019

At Forcepoint we continually seek to improve the protection our products provide. To this end, we often investigate unusual or potentially novel attack techniques. One such recent topic of research has been attacks against localhost and the internal network, launched from the public Internet. Though this is not a new attack, it is not widely known outside of the security research community that malicious JavaScript can attack the internal network. Of the limited documentation that exists on this topic, most resources describe it in terms of inter-protocol exploitation [1] [2], whereas our focus is on intra-protocol exploitation.

Spotlight

Qihoo 360

360 is committed to providing high-quality free security services to address the security issues Chinese Internet users encounter online. Facing the Internet-age threats of Trojans, viruses, malware, phishing scams, and other diversified web security threats, 360 applies Internet thinking to solve the problem of network security. 360 is an initiator of free security, holding that Internet security, like search, e-mail, and instant messaging, is a basic Internet service that should be free. To this end, 360 provides 360 security guards, 360 anti-virus and other security products free of charge to hundreds of millions of Chinese Internet users. At the same time, 360 has developed a cloud security system that leads globally in scale and technology, making it possible to quickly identify and remove new viruses, Trojans, phishing pages and "hanging horse" malicious pages, and to fully protect users' Internet security.

OTHER WHITEPAPERS

Cyber Security: Defending your digital business

whitePaper | November 13, 2019

Your business relies on its technology – but lurking around the corner are intruders who can disrupt or devalue your operations. This report shines a light on the sources of the problem, and how you can establish the control you need to get the best from IT. In every corner of the globe, businesses are building new capabilities that rely on technology. Small businesses are automating previously manual processes and digitizing key tasks and information sources. At the same time, large enterprises are dedicating vast resources to analytics and to digital transformation – capitalizing on the reach and opportunities enabled by digitalized processes.


AWS Best Practices for DDoS Resiliency

whitePaper | December 5, 2019

You work to protect your business from the impact of Distributed Denial of Service (DDoS) attacks, as well as other cyberattacks. You want to keep your customers’ trust in your service by maintaining the availability and responsiveness of your application. And you want to avoid unnecessary direct costs when your infrastructure must scale in response to an attack.


Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

whitePaper | January 16, 2020

Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise. In fact, cyber security is now increasingly reviewed by corporate boards of directors and often discussed with financial analysts who see cyber security risk as an imminent and paramount business risk. Because the consequences of cyber security failures can be damaging to business revenues and brand reputation, CEOs have lost their positions as a result of data breaches and inept preparation and planning.


Warring State - China's cybersecurity strategy

whitePaper | December 1, 2019

Cyberspace and information technology have enabled the economic, political, and cultural integration of the United States and China. However, interdependence creates costs as well as benefits. Increased interconnection has also contributed to major obstacles in the bilateral relationship, generating mutual distrust of incentives, actions, and norms in cyberspace. Information technology raises new challenges for states by allowing actors to exploit networks, conduct cyber espionage, or compromise national security with greater ease.


2020 Cyber Security Predictions

whitePaper | January 28, 2020

This year there are some common themes that endure, so we’ll highlight these as “work in progress”. Transformations often take longer than 12 months to be identified as necessary, to be executed and to become established. However, there are other themes emerging through a combination of drivers from audit, compliance security and governance that are now showing signs of influencing the way that cyber risks are managed in a much shorter timescale.


Scenarios for the Future of Cybercrime - White Paper for Decision Makers

whitePaper | January 28, 2020

Project 2020 is an initiative of the International Cyber Security Protection Alliance (ICSPA). Its aim is to anticipate the future of cybercrime, enabling governments, businesses and citizens to prepare themselves for the challenges and opportunities of the coming decade. It comprises a range of activities, including common threat reporting, scenario exercises, policy guidance and capacity building.
