BeEF XSS stealth injection in Advanced Social eng. series by EyesOpen security
Speech Synthesis
In this scenario we use more than one common social engineering tricks to push our victim to download and install a malicious file. For achieving this task we will control her browser and drop our malicious file in some manner that will erase all suspicion. Here is the "BeEF in the Middle" Attack. A conjonction of MiTM attack, Html injection and XSS exploitation. All the users who will browse a web site and are in the same LAN than you, will have their browser automatically passed under your control. And you will deploy a file of your choise using a trusted canal: legit website. Here we don't use a drive-by download attack but in order to push this scenario to the next level, you can run a drive-by download in place of a download link used in this video. Take a look.
2013-05-27 07:50:02
source
Gloss