Browser exploitation framework
End users are seen as high-value targets that are also prone to attacks through social engineering and spear phishing campaigns. As we discussed before, client-side software presents an attractive attack surface when combined with social engineering attacks. Web browsers are one of the most widely used pieces of client-side software. You won't find even a single organisation that does not use web browsers for their day-to-day activities. Web browsers are used in a wide variety of activities, some of which are really critical. They are as follows:
Administration of many devices/appliances has now moved to a web browser from the previously used thick clients
Everything in your cloud infrastructure is managed using a web browser
Services ranging from e-mail accounts to online net banking all rely on web browsers to make their products accessible to a large number of users
In Chapter 6, Exploiting Clients Using XSS and CSRF Flaws, we learned about the cross-site scripting flaw where an...