GovWare 2022 Full Agenda

Loading

Big Browser - Attacking & Defending the Process that Knows Everything

18 Oct 2022
Level 3, Room GW3 | Sands Expo and Convention Centre
Enterprise Security and Data Protection: Trends & Technologies

Browsers know everything about us and compromising a browser means compromised passwords and cookies, eventually leading to MFA bypass and compromised sessions. Browsers like Chrome, Firefox, and maybe Edge are our gateway to the internet, making them a prime target for credentials stealing attacks. In fact, threat actors and credentials stealing malware commonly target browsers to compromise stored credentials and session cookies. So although it seems that browsers are extremely sensitive processes running on our endpoints, are we protecting them effectively? In this session, I will be reviewing common credentials stealing malware and techniques and a new attack surface - the browser memory that exposes cookies and passwords (in clear text); Lastly, I will review how to mitigate the common and new credentials compromising techniques.

 

Speakers
Andy Thompson, Global Research Evangelist - CyberArk