Aleksandr Kolchanov

Speaker

Designation :

Independent Security Researcher


Talk Title :

Service Workers VS Corporate Firewalls


Abstract :

Corporate firewalls with an HTTP(S) traffic inspection features are used to control access to the websites and block malicious and dangerous resources. Service workers are specialized JavaScript assets that act as proxies between web browsers and web servers. They aim to improve reliability by providing offline access, as well as boosting page performance. But what happens, when a service worker was used by a blocked website? I will show the results of my research about using service workers for the attack on corporate firewalls.

Bio :

Aleksandr Kolchanov is a security researcher and consultant. He takes part in different bug bounty programs (PayPal, Facebook, Yahoo, Coinbase, Protonmail, Yandex, Privatbank). Aleksandr is interested in uncommon security issues, telecom problems, privacy, and social engineering. Speaker at PHDays 2018, 2019, 2021, 2022, c0c0n 2018, DeepSec 2018 and 2019, HiTB 2019, Infosec in the City 2019, OzSecCon 2019, Hacktivity 2019, No cON Name 2019 and BSides.

Want to connect with Aleksandr Kolchanov?