Malware deployment is a critical stage of a red team exercise: performed successfully, it gives red team operators access to a target's internal network. For a while, the easiest way of delivering malware was to send an email with the malware itself as an attachment. Although this technique still sometimes works, blue teams are monitoring it more and more, and numerous security tools have been created to block such attachments. As such, it was necessary to find other ways of delivering malware. This presentation introduces one, cache smuggling, which leverages browser caching mechanisms to bypass traditional security defenses and deliver malware. Additionally, we will see that such mechanisms can be used to facilitate silent reconnaissance of internal networks as well as information gathering and, finally, how you can protect your company and yourself against it.
Talk
Cache Me If You Can: Smuggling Payloads via Browser Caching Systems
March 14, 11:30 (CLOUD)
Speaker

Aurélien Chalot
Hey! I'm Aurélien Chalot, a French hacker who's been working at Orange Cyberdefense for the last 6 years. As an ethical hacker I've spent quite a lot of time auditing lots of different technologies, trying to understand how they work and ultimately how they can be broken. I mainly focus on researching Windows as I find it super interesting to turn its internal mechanisms against itself, but I really like hacking pretty much everything!