This is what we will discuss and explore more in this post, and it is a summary of one of the techniques described in the book “Cybersecurity Attacks - Red Team Strategies”.Īt a high level, remote debugging is a development/test feature which, for some reason, made it into the ordinary retail version of Chrome. However, remote debugging also allows observing user activities and sensitive personal information (aka spying on users) and controlling the browser from a remote computer.īelow screenshot shows a simulated attacker controlling the victim’s browser and navigating to chrome://settings to inspect information:
This is a pretty well-known and commonly used adversarial technique - at least since 2018 when Cookie Crimes was released. #red #blue #cookies #book #ttp #post-exploitationĬhrome’s remote debugging feature enables malware post-exploitation to gain access to cookies.
0 kommentar(er)
