BSidesSF 2017 has ended
Monday, February 13 • 4:50pm - 5:20pm
Dormant DOMination


Traditional attacks on air-gapped networks have looked at vectors such as USB memory sticks (thanks Stuxnet), audio signals (thanks BadBIOS) and even cellular frequencies (thanks GSMem). But it's not entirely uncommon for portable devices (laptops, smartphones) to go from network to network, even connecting to potentially sensitive corporate networks. In fact, every day many corporate devices connect to the local coffee shop wifi on the way into the office. And it's here where things get interesting. Advanced mitigations to these vectors include things like host health checks upon reconnecting to ‘secure’ networks. But what’s the chance that these scans will pick up on JavaScript that may be running in the DOM?


Leveraging a number of existing browser technologies, such as WebRTC, Web Workers and good old-fashioned XMLHttpRequest objects, we have everything we need to plant a JavaScript hook and monitor the local network interface for changes in connectivity. From here, we can start scanning different local subnets looking for available hosts. Once identified, we can even determine if they have any listening ports.


This presentation will discuss existing methods of subnet discovery & scanning, persistence methods and ways in which dormant JavaScript objects can periodically scan the local browser's network to discover new attack surfaces, even those that may be air-gapped. (Bloody JavaScript...)

xntrik


Director, Company
Christian is an app sec nerd who currently works at , previously at LinkedIn. Originally from Australia, Christian helped start an awesome, Perth-based security consulting firm, Asterisk Information Security. Christian has a deep love/hate relationship with JavaScript, and his involvement...

Monday February 13, 2017 4:50pm - 5:20pm PST