Presented at
BSidesLV 2023,
Aug. 8, 2023, 5 p.m.
(20 minutes).
The talk provides an overview of the evolution of Magecart attacks and how threat actors have become more sophisticated in their techniques over the years. The main focus of the talk is the attacker side of Magecart attacks, with an emphasis on the techniques used to bypass protections and conceal activities. The talk explores the different methods used by attackers to infiltrate websites, including exploiting vulnerabilities in third-party scripts and supply chain attacks. It covers the various techniques used by attackers to conceal their activities, such as obfuscating JavaScript code, disguising malicious code, using known vendors to inject and exfiltrate data, hiding sensitive information within images through steganography, using unusual methods to send network requests, and more.
Presenters:
-
Gal Meiri
I am a Senior Security Research Team Lead at Akamai, leading the security research of our In-Browser Protection solutions. I am a passionate web security researcher with vast research experience in the fields of client-side Javascript and browser capabilities. My main expertise in the field of client-side attacks is hunting and investigation Magecart attacks, financial malware attacks, phishing and bot detection.
-
Roman Lvovsky
Links:
Similar Presentations: