Positive tech russia
HTML Smuggling has been discussed many times, but at PHDays 12 I was asked a question from the audience: why am I talking about a 2017-2018 technique that is no longer so relevant and that, for example, Outflank has already written about in detail. HTML Smuggling is by no means a new technique; nobody claimed it was. But it is still a powerful way to deliver a payload to a host, and it is unlikely to become obsolete anytime soon because of its flexibility and versatility, both in code implementation (the attack can be built with different JavaScript methods) and in code obfuscation.
The flexibility and versatility of HTML Smuggling can be viewed in several ways:
1. Delivery: we can use different methods to trigger the unpacking and download of the payload, and take steps to make sure this does not happen during dynamic analysis in a sandbox or during dynamic AV analysis on the host.
2. Obfuscation: transforming the payload (for example, a ZIP archive) to bypass signature-based and heuristic detection.
Examples of obfuscation:
https://ptresearch.media/articles/kto-stuchitsya-k-vam-v-pochtu-soczialnaya-inzheneriya-2024
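Seen from the defender's side, the two traits above (a decode-and-reassemble step in script, and a transformed container such as a ZIP inside the page) are also what a scanner can look for. The heuristic below is an added example, not code from this post or from Positive Technologies; the indicator names are public browser APIs, and the sample page with its ZIP header is a constructed fixture, not a functioning delivery page.

```python
import base64
import binascii
import re

# Hallmarks of an HTML Smuggling page: a decode step, an in-browser blob,
# and a download trigger. These are plain browser API names, not a vendor rule.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_constructor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bURL\.createObjectURL\s*\("),
    "download_attr": re.compile(r"\bdownload\s*="),
    "legacy_ie_save": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
}

# Magic bytes of containers commonly wrapped inside such a page.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\xd0\xcf\x11\xe0": "ole"}

# Quoted base64 literals long enough to carry a file rather than a short token.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{64,}={0,2})['\"]")


def find_indicators(html: str) -> set:
    """Names of the smuggling-related API calls present in the page."""
    return {name for name, rx in INDICATORS.items() if rx.search(html)}


def embedded_payload_types(html: str) -> list:
    """Decode every long base64 literal and report recognised file headers."""
    found = []
    for literal in B64_LITERAL.findall(html):
        try:
            raw = base64.b64decode(literal, validate=True)
        except binascii.Error:
            continue
        for magic, kind in MAGIC.items():
            if raw.startswith(magic):
                found.append(kind)
    return found


def assess(html: str) -> dict:
    hits = find_indicators(html)
    payloads = embedded_payload_types(html)
    # A decode step plus any blob/download step is the smuggling pattern;
    # an embedded archive or executable header is strong evidence on its own.
    suspicious = ("base64_decode" in hits and len(hits) >= 2) or bool(payloads)
    return {"indicators": sorted(hits), "payloads": payloads, "suspicious": suspicious}


def sample_page() -> str:
    # Constructed fixture: a ZIP local-file header padded with zeros, wrapped in
    # the API skeleton. It is not a working page; only the indicators matter here.
    blob = base64.b64encode(b"PK\x03\x04" + bytes(60)).decode()
    return (f'<script>const d = atob("{blob}"); const b = new Blob([d]); '
            f'x.href = URL.createObjectURL(b); x.download = "report.zip";</script>')
```

Obfuscated pages will rename or split these calls, so treat a hit as a triage signal and the decoded-header check as the more robust of the two.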
