“is a user mode implementation. There are no supporting kernel drivers to date. The sandbox architecture breaks down into two processes: a broker process and a target process. The broker is the supervisor of the target processes doing the actual work. Broker process broker proces…”
T1055.001 Dynamic-link Library Injection (95%)
“that have been authored in response to browser security concerns. Please note that much of the below information has been researched and somewhat paraphrased from Google blogs and design documents available online. There are several key architectural foundations and features in t…”
T1059.001 PowerShell (85%)
“PowerShell to kill the Chrome process and then restart, loading the extension that has been dropped. Concluding Thoughts: it is very clear that Google has taken the attacks on the renderer and JavaScript engine, as well as the threat posed by speculative execution memory leakage, …”
T1176.001 Browser Extensions (79%)
“fake or malicious sites. - Incognito mode: also known as private browsing mode. All browsing history and cookies will be deleted at the end of an incognito mode session. The browser will also not remember any information entered into forms or permissions granted to websites. - S…”
T1176.001 Browser Extensions (68%)
“can use all the Chrome APIs but cannot interact directly with web content. Chrome extensions are officially published in the Chrome Web Store. When installed, they allow the developer to request (via the manifest) a great deal of power and control over your web browser. Things …”
T1176 Software Extensions (51%)
“can use all the Chrome APIs but cannot interact directly with web content. Chrome extensions are officially published in the Chrome Web Store. When installed, they allow the developer to request (via the manifest) a great deal of power and control over your web browser. Things …”
T1176.001 Browser Extensions (41%)
“…ping away at the problem by proposing rewriting to a memory safe language for exposed components where it makes most sense. I also think we are likely to see more interest from the Chrome/Chromium team in the areas of Control Flow Guard[15] and Control-flow Enforcement Techno…”
T1555.003 Credentials from Web Browsers (36%)
“fake or malicious sites. - Incognito mode: also known as private browsing mode. All browsing history and cookies will be deleted at the end of an incognito mode session. The browser will also not remember any information entered into forms or permissions granted to websites. - S…”
T1176 Software Extensions (34%)
“…ping away at the problem by proposing rewriting to a memory safe language for exposed components where it makes most sense. I also think we are likely to see more interest from the Chrome/Chromium team in the areas of Control Flow Guard[15] and Control-flow Enforcement Techno…”
T1055.001 Dynamic-link Library Injection (34%)
“…reporter - Disables crash reporting in headless mode. - --disable-extensions-http-throttling - Disables the net::URLRequestThrottleManager() functionality for HTTP(S) requests originating from extensions. - --disable-web-security - Does not enforce same site ori…”
Summary
Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]