Attacking the internal network from the public Internet using a browser as a proxy

March 19, 2019

At Forcepoint we continually seek to improve the protection our products provide. To this end, we often investigate unusual or potentially novel attack techniques. One such recent topic of research has been attacks against localhost and the internal network, launched from the public Internet. Though not a new attack, it is not widely known outside of the security research community that a malicious JavaScript can attack the internal network. Of the limited documentation that exists on this topic, most resources describe it in terms of inter-protocol exploitation [1] [2], whereas our focus is on intra-protocol exploitation.

Spotlight

EVRY

EVRY has about 10.000 employees and has a local presence in 50 towns and cities across the Nordic countries, with particular emphasis on Norway and Sweden. In addition, EVRY owns businesses in India and the Ukraine that contribute significant deliveries to Nordic customers in addition to providing services to customers in other European countries and in the USA.

OTHER WHITEPAPERS
news image

The Definitive WFH Security Checklist: 10 Easy Steps to Safer Remote Access

whitePaper | September 15, 2022

Providing secure, fast remote access is a top priority as the modern workforce has become predominantly remote. Working from home (WFH) or outside the office was once a choice or a stopgap measure, but today, it’s critical for business agility.

Read More
news image

Cross-Generational Security Of Mobile Telephony

whitePaper | August 4, 2022

Abstract— With the recent roll-outs of 5G networks and the rise of phones supporting the standard, it’s critical to examine the technical underpinnings of 5G system security. The fifth generation of 3GPP (3rd Generation Partnership Project) mobile telephony, the lack of understanding, outright hostility, and general confusion surrounding this roll-out is unmatched in the history of mobility. We aim to alleviate much of the confusion and hostility by providing an overarching description and security document.

Read More
news image

Consumer IoT Device Cybersecurity Standards, Policies, and Certification Schemes

whitePaper | February 16, 2023

There are three key elements in the world of Internet of Things cyber security. Standards are created in order to harmonize a common set of requirements. Regulations are created in order to incentivize manufacturers to adopt cybersecurity hygiene practices so as to protect societies and increase their cyber-resilience. Labels are created in order to provide visibility to consumers.

Read More
news image

Cybersecurity Technologies for Cloud Access

whitePaper | September 14, 2022

The enterprises’ network and network security architectures are unable to effectively serve the dynamic secure access requirements of digital business. The enterprise data center is no longer the center of access requirements for users and devices.

Read More
news image

Cybersecurity 2018

whitePaper | February 2, 2020

Small businesses usually neglect cybersecurity as an essential function making their IT infrastructure vulnerable. IT security issues often cost companies a lot of money and downtime every year. Even if the IT infrastructure consists of couple laptops and Devices, cybersecurity should always be a top priority.

Read More
news image

Cloud Security Survey 2023: Infrastructure Protection Best Practices

whitePaper | September 23, 2022

This survey was distributed by VMware User Group (VMUG) to their user base between July and September 2022. The responses were analyzed by the phoenixNAP team and key findings are presented in this document.

Read More

Spotlight

EVRY

EVRY has about 10.000 employees and has a local presence in 50 towns and cities across the Nordic countries, with particular emphasis on Norway and Sweden. In addition, EVRY owns businesses in India and the Ukraine that contribute significant deliveries to Nordic customers in addition to providing services to customers in other European countries and in the USA.

Events