The browser is the new endpoint, and it's under attack. Attacks are happening entirely inside the browser sandbox, targeting applications directly over the internet, and blending in with legitimate web and network traffic, application access, and user activity. This is a significant challenge for security teams. Existing security tools can't get visibility of what's happening inside the browser. Attackers know this, and are ruthlessly exploiting the browser blindspot. This is fuelling a lot of attacker innovation, with new tools and techniques constantly emerging. Push Security VP R&D Luke Jennings is joined by John Hammond, Senior Principal Security Researcher at Huntress, to demonstrate the latest browser-based attack techniques. Ride along with Luke and John as they analyse real-world attacks, covering:

• ConsentFix, the browser-native ClickFix attack linked to Russian APTs
• Session-stealing, MFA-bypassing phishing campaigns targeting enterprises over LinkedIn and Google Ads
• The latest social engineering tradecraft and detection evasion techniques
• What the future of browser-based attacks looks like and what security teams can do about it