Kaspersky SAS - Ghost in the Browser: Broad-Scale Espionage with Bitsquatting


Bit flips happen more often than you know, especially on mobile devices and especially on cheap phones whose memory has higher FIT (Failures In Time) rates. In the past, encryption in transit (TLS/SSL) would have protected you against the most dangerous opportunistic attackers because obtaining a certificate was cost prohibitive. Today, however, certificates are free: free for you and free for threat actors, thanks to Let’s Encrypt and the major cloud providers. While free certificate authorities are a net positive for internet security, we already know attackers are using the HTTPS padlock to undermine security awareness training and make phishing more successful. What about corporate espionage? That is precisely what we investigated and will demonstrate in this talk.

Demonstrations with bitsquatting include:

  • How to steal passwords
  • How to steal DOM and session tokens
  • How to capture screenshots of what victims are seeing while browsing the web
  • How to persist in their cache and spy on their browsing activities

Investigations will include:

  • What are the most popularly requested domains by machines (phones, laptops, servers, CI/CD, etc.)?
  • Who has registered bit squats on these domains and has listening ports on HTTP/HTTPS/SMTP?
  • What are the actively listening domains and what can they do with these bit squats?
  • How are we going to monitor these bit squats for abuse?

Come witness an unfortunate side effect of achieving HTTPS everywhere and learn what can be done to mitigate the risk of this threat. Bad guys beware, good guys beware: anyone could be passively and opportunistically snooping on your packets.
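Monitoring bit squats of your own domain starts with knowing which names a single flipped bit can turn it into. The following Python is an added example, not code from the talk or from Bishop Fox; it enumerates every one-bit-flip variant of a constructed domain (`example.com` is a placeholder) and keeps only those that remain resolvable hostnames, which is the candidate list a defender would register or watch in DNS and certificate-transparency logs.

```python
import string

# Characters allowed in a DNS hostname label (the LDH rule: letters, digits, hyphen).
# Domains are case-insensitive, so only lowercase letters are treated as distinct.
VALID_LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")


def bitsquat_candidates(domain: str) -> list[str]:
    """Return every hostname that differs from `domain` by exactly one bit
    flipped in one character of one registrable label.

    The top-level domain is left untouched (a flipped TLD is not something
    you can register), as are the '.' separators (a flipped dot changes the
    label structure rather than producing another name under the same TLD).
    Flips that yield a non-LDH character, or a label starting or ending with
    a hyphen, are dropped because such a name can never resolve.
    """
    labels = domain.lower().split(".")
    results = set()
    for li, label in enumerate(labels[:-1]):  # skip the TLD
        for ci, ch in enumerate(label):
            for bit in range(8):
                flipped = chr(ord(ch) ^ (1 << bit))
                if flipped == ch or flipped not in VALID_LABEL_CHARS:
                    continue
                new_label = label[:ci] + flipped + label[ci + 1:]
                if new_label.startswith("-") or new_label.endswith("-"):
                    continue
                new_labels = labels[:li] + [new_label] + labels[li + 1:]
                results.add(".".join(new_labels))
    return sorted(results)


def bit_distance(a: str, b: str) -> int:
    """Number of differing bits between two equal-length ASCII strings."""
    if len(a) != len(b):
        raise ValueError("strings must have equal length")
    return sum(bin(ord(x) ^ ord(y)).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed placeholder domain; substitute the domain you are monitoring.
    for candidate in bitsquat_candidates("example.com"):
        print(candidate)
```

Each candidate is exactly one bit away from the original, which `bit_distance` lets you confirm before feeding the list into whatever registration or DNS-lookup check you use.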

Partner Rob Ragan and Principal Security Associate Oscar Salazar will present their Ghost in the Browser: Broad-Scale Espionage with Bitsquatting talk at Kaspersky SAS in Singapore on Wednesday, April 10, 2019.



About the speaker, Rob Ragan

Principal Researcher

Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.



About the speaker, Oscar Salazar

Principal Product Researcher

Oscar Salazar is a Principal Product Researcher at Bishop Fox. In this role, he has experience with red teaming, application penetration testing, source code review, network penetration testing, secure software design, and product security reviews. He focuses on research and development of the Continuous Attack Surface Testing (CAST) platform. Oscar has presented at many of the leading security conferences including Black Hat USA, DEF CON, RSA, BSides, Hacker Halted, SyScan 360, and SAS. His research, particularly surrounding anti-anti-automation, has appeared in Wired, eWeek, Fox News, Threatpost, and Gigaom.

Additionally, he has been a featured speaker on the Dark Reading Radio series. Prior to joining Bishop Fox, Oscar served as a web security research engineer at Hewlett Packard's Application Security Center where he designed and developed security checks for the WebInspect web application security scanner. In addition, his research involved developing more effective methods of scanning web applications.
