Slides of my talk on the versatility of JavaScript, presented at JSFoo Coimbatore 2019.

The talk primarily introduces developers to the versatility of JS from an attacker's point of view. It covers examples of how JS can be used to detect vulnerabilities, build payloads, and reliably exploit software, infra and humans alike.

The talk covers the following areas from an offensive security point of view:

  • Using BeEF to extend XSS attacks
  • Mutation XSS and the recently discovered Google XSS vector (why it worked)
  • Server-side JS attacks and remote code execution
  • JS and Desktop applications, code execution and vulnerabilities
  • Breaking filters and WAFs using altered representations of JS and its objects
  • Malware and JS obfuscation
  • Using JS to fuzz browsers and earn money
  • Attacking network devices (home routers and switches) using JavaScript