One Article Review
| Source |  RedTeam PL |
|---|---|
| Identifiant | 1800548 |
| Date de publication | 2020-07-10 14:59:09 (vue: 2020-07-10 13:05:08) |
| Titre | BadWPAD and spear-phishing using Battle.net Desktop App |
| Texte | Brief introductionIn this blog post I would like to describe an example which shows how serious the consequences of a successful badWPAD attack can be. It is not possible to perform a MiTM (man-in-the-middle) attack on encrypted HTTPS communication without accepting a rogue certificate, however an attacker can modify cleartext HTTP traffic. This attack can be successfully performed in many modern applications which still use plain HTTP protocol for communication, updates etc. One such example is the Battle.net Desktop App used by millions of users around the world. An attacker can change information presented to a victim in many different locations inside the application to perform high quality social engineering attacks on a mass scale.MiTM attack on Battle.net Desktop AppHow can this attack be used to perform a high quality non-email based spear-phishing? I am going to demonstrate thi |
| Envoyé | Oui |
| Condensat | // if +0200 /pl /tpr/bnt001/patch/50/45/504504b7fd0954282978e1bd67984c30 /wpad 03:00 04:00 05:00 07:00 08:07:15 100 11:53:00 11:53:03 12040 124 12:33:29 172 179 1969connection: 1d6 1host: 1st 200 2020 21/jun/2020:12:31:33 21:25:48 30th 3770 377live 470prace 4864 5a9348bf472c0 72857563 7:8080; :another @blizzardcseu able above accept accepting account account:an action” actually address adjust affect after aktualnych ale alike all also america another apachex app apphow applewebkit/537 application application:this applications arbitrary are around attack attacker attacks back badwpad based battle been before bericht binary/octet blizzard blog brief browser but bytes bytescontent być can captured case cdn celu certificate cest change changed changing chrome/75 cleartext clickable clicks client closehttp/1 closelast code collision com com* com/blizzardcs/status/1276864865437716487 com/en/blizzard/c/feedback com05 comconnection: commands:$ communication configuration configured consequences content controlled could curl customer czerwca dat de/content/dam/fkie/de/documents/homerouter/homeroutersecurity default demonstrate describe described desktop details detected developers devolution different direct disclosure disconnects discussion/6 dniu: dns domain dos doświadczać due during each easily else return email encrypted engineering entertainment etc everything example experience fake fiddler file file:94 findproxyforurl fkie follow following forum forums frame fraunhofer from game gecko get given gmtaccept gmtcontent gmtetag: gmtserver: godz going got gracze grze hacked hacks@blizzard has hashes have high home host hostnames how however html http http/1 http://* http://eu https https://blog https://eu https://twitter https://us https://www immediate including informacji information information:please inside interruptions introductionin issues jego july jun june just khtml konserwacyjne lan language languages large larger launcher leaking length: like likely link links lipca llmnr locations log logged logowanie look lure mail mailed mails maintenance malicious man many mass matching:http://eu may mentioned message messages middle millions minut minutes mitm modern modified: modify mogą mon most mozilla/5 możliwe nadchodzącym name nbt net net* net/1 net/service/ net/service/odin/alert/en net/service/odin/alert/pl net/support/en/article/23664 news non none north not note notice ntlmv2 okdate: okresie one only opened options: ostrzeżenie out pac pdf perform performance performed performing phishing pl/2019/05/sinkholing pl/2019/10/internal places plain players please plhttp/1 plwhere pojawi polish ponowne possible post powinno prac prepare presented problem process:get prosimy protocol protocol:the proxy przebiegu przed przeprowadzeniem public published quality ranges: reached realm reasons received receiving redteam registered related reminder replace replaced report reported requests respond response responses responsible restarcie restarts restarty retail retrieved return right rogue routers rozpoczną rozłączeń safari/537 sameoriginlast sat scale scenario scenarios security selected sent serious servers service serwerów shexpmatch should showed showing shows side się social spear specific starting streamcontent strictly study successful successfully such suggested support tabs:even take then these thu ticket time timeline27 traffic triggering tuesday twitter twitterze tym type: unencrypted until update updates url use used used:function user users ushttp/1 using uzyskania verified victim web website wednesday when where which will window:maintenance windows without work working works world would wow64 wpad wpadblock wpadblocking wtorek your śledzić środa żywo: “we |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.