Webinar Details
Modern browsers have evolved far beyond simple HTTP wrappers into feature-rich platforms with capabilities that rival traditional operating systems. This presentation examines how Chrome’s legacy functionality, like browser extensions and recent additions in the form of Isolated Web Applications, can be leveraged to create sophisticated command-and-control capabilities that may evade traditional endpoint protection mechanisms.
The talk will demonstrate ChromeAlone (github.com/praetorian-inc/ChromeAlone), our open-source research framework that explores an example post-exploitation attack against Chrome to turn its feature set into a full command and control implant. We’ll cover capabilities including TCP traffic proxying, credential access, input monitoring, and command execution—all using Chrome’s native features. Our implementation highlights several areas of interest: the security implications of feature interactions, techniques for component sideloading, and the use of WebAssembly for code obfuscation.
About the Presenter:Michael Weber is a member of the Praetorian Security Labs team where he creates tools to help his fellow consultants not stay up until 2am hunting for material risks. He specializes in chrome shenanigans, malware development, vulnerability research, and online poker datamining.
Prevention first strategy under one unified platform.
Leverage continuous offensive security to ensure your next hour—and next dollar—are spent on breachable risk.