
Shadow Workers: Backdooring with Service Workers


  • Shadow Workers: Backdooring with Service Workers

    Saturday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood
    Audience: Offensive Security, AppSec
    Emmanuel Law & Claudio Contin

    This presentation is focused around Shadow Workers, a tool that came out of our research on service workers. Service Workers are a new addition to modern browsers and are often used to extend offline capabilities to a website. With this tool, we weaponized service workers to include the ability to implant a pseudo backdoor in the browser and ghost through a victim's browser session to sniff, manipulate, and even proxy data silently. We'll demo the various persistence mechanisms our tool provides to keep service workers alive and demo how MITM can be done at the browser layer.

    Emmanuel Law
    Emmanuel Law (@libnex) is currently a security engineer in the Bay Area. He spends his free time researching new ways to break stuff and has presented at various international conferences such as Black Hat Arsenal, Ruxcon, Kiwicon, Troopers, etc.

    Claudio Contin
    Claudio Contin (@claudiocontin) is a security consultant with ZX Security in Wellington, New Zealand. Before working in security, he spent several years developing web applications. He has presented at BSides SF, Kiwicon and OWASP conferences. During his free time, he contributed to various open-source projects such as the BeEF framework and Gophish.