Attacking the internal network from the public Internet using a browser as a proxy

March 19, 2019

At Forcepoint we continually seek to improve the protection our products provide. To this end, we often investigate unusual or potentially novel attack techniques. One such recent topic of research has been attacks against localhost and the internal network, launched from the public Internet. Though not a new attack, it is not widely known outside of the security research community that a malicious JavaScript can attack the internal network. Of the limited documentation that exists on this topic, most resources describe it in terms of inter-protocol exploitation [1] [2], whereas our focus is on intra-protocol exploitation.

Spotlight

Efrat Networks

Efrat Networks has 14 years of experience in managing and maintaining IT systems for businesses in the greater New York area and in Israel. In a business environment that is increasingly dependent upon computer systems and communications, Efrat Networks acts as CIO for our clients and as a well-organized virtual IT department to help create a competitive edge to businesses ranging from the smallest organizations to 100+ employee offices in New York and Israel.

OTHER WHITEPAPERS
news image

Cybersecurity: A Comprehensive Risk Management Approach for Healthcare

whitePaper | August 19, 2022

Healthcare entities continue to face evolving cybersecurity threats that can put patient safety, privacy and operations at risk. Health information security breaches occur daily and will continue to accelerate as cyber-criminals recognize the value of patient data and the critical need for provider organizations to keep systems up and running. The cost of a data breach is astounding, and one few healthcare organizations can absorb as they continue to deal with the effects of the COVID-19 pandemic.

Read More
news image

Is Cyber Security Meeting Today’s Intensifying Challenges?

whitePaper | September 22, 2022

Cybersecurity has always been critical, but it’s taken on new urgency today. Cyberattacks have escalated in intensity and volume. At the same time, IT is experiencing the pressing challenges of a technology modernization revolution. Driving this tech revolution are remote work environments, a skills shortage and unprecedented growth in cloud deployments. These developments bring increasing requirements to proactively secure environments, deflect risks and rapidly respond to cyberattacks.

Read More
news image

OT/IoT Security Report Cyber War Insights, Threats and Trends, Recommendations

whitePaper | August 30, 2022

Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through its cybersecurity research and collaboration with industry and institutions, it helps defend the operational systems that support everyday life. The Labs team conducts investigations into industrial device vulnerabilities and, through a responsible disclosure process, contributes to the publication of advisories by recognized authorities.

Read More
news image

Security and Privacy White Paper

whitePaper | October 31, 2022

As cloud-based software solutions become prominent, discussions continue to revolve around security. When organizations implement a cloud-based solution, they put their trust in the solution provider to protect their data and deliver a secure platform.

Read More
news image

Citrix Cloud Services Data Protection Overview

whitePaper | September 29, 2022

Citrix understands that data protection is one of the top priorities for our customers when selecting a cloud service. Data protection is also a rapidly-evolving domain and requires enterprises to assess more information over time about the data handling practices of their vendors.

Read More
news image

Cybersecurity Technologies for Cloud Access

whitePaper | September 14, 2022

The enterprises’ network and network security architectures are unable to effectively serve the dynamic secure access requirements of digital business. The enterprise data center is no longer the center of access requirements for users and devices.

Read More

Spotlight

Efrat Networks

Efrat Networks has 14 years of experience in managing and maintaining IT systems for businesses in the greater New York area and in Israel. In a business environment that is increasingly dependent upon computer systems and communications, Efrat Networks acts as CIO for our clients and as a well-organized virtual IT department to help create a competitive edge to businesses ranging from the smallest organizations to 100+ employee offices in New York and Israel.

Events