Botnets have got a lot of popularity during the recent time. And we have also seen various kinds of botnets ranging from IRC bots to P2P to HTTP bots. In this talk, we will be discussing about the advanced trends in a different kind of botnets, which operate via Browsers, also known as Browser Based Botnets.
We will be demonstrating how we can use the various HTML5 APIs in order to perform a full fledged bot attack with a remote C&C server. One of the interesting points is, in our case, the browser does not need to be vulnerable, instead we would be using its legitimate properties in order to craft our attack, get full access to the victim’s system, spread in the network, and perform further exploitation.