JS-Tap: Weaponizing JavaScript for Red Teamers

During this webinar, Senior Security Consultant Drew Kirkpatrick will introduce a new open source tool, JS-Tap, designed to allow Red Teamers to attack applications using generic JavaScript, deployed either as a post-exploitation implant or as an XSS payload.

By Drew Kirkpatrick
November 01, 2023
Red Team Adversarial Attack Simulation

Application penetration testers often create tailored, weaponized JavaScript payloads to use in engagements. The ability to create payloads that perform malicious actions in the application often depends on the authenticated access provided to penetration testers. Red Teams face a different set of challenges and opportunities, which are often not conducive to developing tailored JavaScript payloads. Custom applications often have unknown functionality and require a generic payload. Red Teams also have opportunities to introduce malicious JavaScript beyond XSS vulnerabilities.

During this webinar, Senior Security Consultant Drew Kirkpatrick (GWAPT, GMOB, OSCP) will introduce a new open source tool, JS-Tap, designed to allow Red Teamers to attack applications using generic JavaScript, deployed either as a post-exploitation implant or as an XSS payload.

In this webinar, you will learn how JS-Tap:

• Captures sensitive data as users interact with the application

• Scrapes cookies and local storage, potentially disclosing sensitive session data

• Captures keyboard inputs, application screenshots, and API calls made by the application

• Captures HTML content, providing the application insight needed to develop targeted XSS payloads for future attacks

Join us as Drew provides new ways to introduce malicious JavaScript beyond XSS vulnerabilities. Don't miss out on your chance to take your Red Team weaponization tactics to new levels!