QTDEI

Dawn of the Dead - The Tale of the Resurrected Domain

The Department of Computer Engineering (DEI) of the Engineering Institute of Porto (ISEP), in collaboration with the Master in Computer Engineering (MEI), invites you to attend another lecture, this time with the theme “Dawn of the Dead - The Tale of the Resurrected Domain”, which will take place on 7th November, at 6 pm, at ISEP.

The event will take place in room B301.

Abstract

Today, our reliance on third-party dependencies is unprecedented, encompassing not only the software itself but also the development and build chains and the various tools designed to enhance software development efficiency. A significant portion of these dependencies includes scripts dynamically loaded from third-party servers. What if these third-party hosts fail? Typically, browsers still attempt to run the web application, often resulting in numerous console errors that go unnoticed by users. This is a likely reason for the lax code maintenance observed in many websites, as their applications appear to function despite these underlying issues.

The risk escalates when script hosts are permanently shut down, often leaving their domains available for purchase. This scenario has recently been exploited by attackers, who acquire these domains to inject malicious scripts into websites still linked to the original URLs. We caught one such attack, injecting malicious code into several websites. The extent of this threat was unknown until our threat-hunting journey led to the discovery of over 1,000 compromised websites. This presentation will cover the whole saga from detection to neutralization, including the various challenges faced and tools built and employed.



Pedro Fortuna, CTO and Co-Founder, Jscrambler
Once on a trajectory to a full academic career, where he taught security and computer science courses for about 5 years, he ended up falling in love with the fast-paced world of entrepreneurship. He started Jscrambler, where he leads all security research and drives the company's product innovation on application security. Has more than 15 years of experience researching and working on web security. OWASP contributor. A regular speaker at several international security conferences. His main research interests lie in Application Security, Web Security, Reverse Engineering, Malware, and Software Engineering. Builder of solutions that require code rewriting, sandboxing, or both. PCI-SSC BoA. Author of several patents in application security. Chapter leader for OWASP Porto. Recently embraced fatherhood, his biggest and most important project to date.

Date: 2024-11-07

Time: 6 pm

Location: B301

The event does not require prior registration.

For more information: qtdei@dei.isep.ipp.pt

Organization: This lecture is organized by QTDEI in collaboration with the Master in Informatics Engineering (MEI) of the Engineering Institute of Porto (ISEP).