How Some Threat Actors Stay Undetected in Networks for Years
This article highlights a stealthy technique that threat actors use to evade detection for extended periods. They manipulate the Accept-Language header to include JavaScript and cookies, tricking browsers into enabling scripts and storing cookies even when the user has disabled them. The mechanism relies on a logical flaw in how browsers handle headers: by default, the browser prioritizes headers over user settings, so the threat actor keeps persistence even if the user takes manual steps to disable JavaScript and cookies. The impact is significant, because it lets attackers maintain access, conduct further reconnaissance, and potentially exfiltrate data. The authors suggest monitoring Accept-Language headers and whitelisting approved values to prevent such attacks. Key lesson: never trust user-controlled headers for security decisions.

#BugBounty #WebSecurity #StealthTechnique #ThreatActor #HeaderManipulation
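One way to implement the monitoring and whitelisting suggested above, as an added example that is not code from the article: each logged Accept-Language value is checked against the header grammar (RFC 4647 language ranges, RFC 9110 weights) and an approved set. The approved tags, size limits, record format and function names are assumptions.

```python
import re

# Assumed policy values (constructed for this example).
APPROVED_PRIMARY = {"en", "de", "fr", "*"}
MAX_LEN, MAX_RANGES = 256, 16

# Language-range (RFC 4647) and weight (RFC 9110) grammars.
LANG_RANGE = re.compile(r"\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*")
QVALUE = re.compile(r"0(?:\.\d{0,3})?|1(?:\.0{0,3})?")

def check_accept_language(value):
    """Return findings for one header value; an empty list means it passes."""
    findings = []
    if len(value) > MAX_LEN:
        findings.append("too-long")
    if any(not 0x20 <= ord(c) <= 0x7E for c in value):
        findings.append("non-printable")
    items = [i.strip() for i in value.split(",") if i.strip()]
    if not items:
        findings.append("empty")
    if len(items) > MAX_RANGES:
        findings.append("too-many-ranges")
    for item in items:
        tag, sep, param = (p.strip() for p in item.partition(";"))
        if not LANG_RANGE.fullmatch(tag):
            findings.append(f"bad-range:{tag!r}")
            continue
        if sep:  # a parameter is present and must be exactly q=<weight>
            name, _, q = param.partition("=")
            if name.strip().lower() != "q" or not QVALUE.fullmatch(q.strip()):
                findings.append(f"bad-weight:{param!r}")
        if tag.split("-")[0].lower() not in APPROVED_PRIMARY:
            findings.append(f"unapproved:{tag}")
    return findings

# Constructed sample records: (client address, Accept-Language value).
SAMPLE = [
    ("192.0.2.10", "en-US,en;q=0.9"),
    ("192.0.2.11", "de-DE,de;q=0.8,en;q=0.5"),
    ("192.0.2.12", "en, javascript=on; cookies=on"),
    ("192.0.2.13", "xx-ZZ"),
    ("192.0.2.14", "en;q=7"),
]

def scan(records):
    """Map each client whose header fails the checks to its findings."""
    return {ip: f for ip, v in records if (f := check_accept_language(v))}
```

Calling `scan(SAMPLE)` returns only the three clients whose values break the grammar or fall outside the approved set.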

https://medium.com/@paritoshblogs/how-some-threat-actors-stay-undetected-in-networks-for-years-6a40f28d2d2c?source=rss------bug_bounty-5

One of the most fascinating aspects of modern cyber espionage is not the breach itself — but how long attackers can quietly remain inside…
