HTML Smuggling | Advanced Payload Delivery

💬 Join the Community https://discord.gg/JNQdVnEXkm 🖥️ Presentation https://tinyurl.com/html-smuggling 📌 About Often one of the most challenging stages of an assessment is delivering a payload and persuading the target user to execute it. Email attachments are an outdated technique, frequently subject to excessive scrutiny. A more effective approach is to utilise a combination of HTML and JavaScript, which benefit from their generally permissive handling and highly trusted nature! In HackerForce's latest video, sunflower discusses one such technique called 'HTML Smuggling', covering: - The anatomy of HTML smuggling and its advantages over older, conventional approaches - JavaScript 'blobs' and their central role in HTML smuggling - Developing an HTML smuggling payload to deliver Sliver implants from scratch, incorporating Base64 encoding So, whether you're working in offensive or defensive security, understanding this method is essential and this video provides comprehensive coverage! 📚 Resources JavaScript blobs: https://developer.mozilla.org/en-US/docs/Web/API/Blob Our complete HTML smuggling payload: https://github.com/0x73unflower/HackerForce/blob/main/Courses/RTO%20I/Initial%20Access/HTML%20Smuggling/index.html 🔔 Stay Connected X/Twitter: https://x.com/hackerforcex ⏱️ Timestamps 00:00 Introduction 01:57 Anatomy of HTML smuggling 04:05 HTML smuggling example 05:44 Anatomy of JavaScript blobs 07:01 Implementing JavaScript blobs 10:29 Implementing a HTML smuggling payload 15:51 Testing our HTML smuggling payload 16:10 Complete source code and challenges 16:37 Upcoming