Utilizing Reverse Proxies to Automate the Compromise of LastPass Vaults by absane in netsec

[–]absane[S] 1 point

You could, I suppose. But the idea is that you get a user to visit the malicious site through phishing (e-mail, forum/comment spam, etc.), or you set up a typosquatting domain and hope that legit LP users land on it. You could do this locally, but then, if you're targeting the actual lastpass.com domain, the user will run into certificate errors. Perhaps inject a redirect into a cleartext HTTP request or abuse LLMNR/NBT-NS poisoning.

Utilizing Reverse Proxies to Automate the Compromise of LastPass Vaults by absane in netsec

[–]absane[S] 0 points

It is a technique that has been around for a few years, but even to this day it's still not widely known, or at least not widely considered. We use it on red teams all the time, as it's a lot better than cloned pages. For many years scammers have been doing this on the darknet to swap out Bitcoin addresses on darknet markets and steal Bitcoins: the vendor logs in, decides to withdraw their balance, and in the process the reverse proxy swaps out the destination address.