Red tip #310: SOC is looking for low user/access count new domains that haven't been seen before and you can't domain front due to RFC2616 proxy? When doing the phish, add invisible image links to your C2 domain so that multiple users will have loaded the C2 domain before use.
-
Show this thread
-
Replying to @vysecurity
Yet another reason browsers should block all third-party resource requests.
3 replies 0 retweets 3 likes -
Replying to @RichFelker
:D But then that means my website can't use images from another website. But that's a decent idea. You could just write a script that lets you specify as a parameter the image to display to the user... But hey, that could turn out with lots of OWASP TOP 10 if homegrown.
1 reply 0 retweets 1 like -
Replying to @vysecurity
It utterly eliminates CSRF and destroys the whole adtech business model. Worth any minor inconveniences.
1 reply 0 retweets 14 likes -
Replying to @RichFelker @vysecurity
Not if the ad is proxied from their server
2 replies 0 retweets 0 likes -
Replying to @arosemenae @vysecurity
Sure it does. If the ad is proxied through the publisher, the advertiser has no way of determining if the publisher is forwarding a real ad view or fabricating one to increase the amount they get paid.
1 reply 0 retweets 0 likes -
The business model inherently depends on the advertiser having direct access to the victim's browser.
1 reply 0 retweets 1 like -
I'm specifically talking about adtech, not traditional advertising where advertiser pays fixed price based on reputation & perceived reach of the publication. Adtech inherently has adversarial relationship with both publisher and audience.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @vysecurity
Well if this were to happen, "adtech" would have to fallback to the traditional model
1 reply 0 retweets 1 like
Exactly. And then it would be non-malicious.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.