
Could adservice simulate malicious crypto mining ads?

Open agardnerIT opened this issue 1 year ago • 1 comments

Could the adservice include some malicious third party ads that hog CPU and thus simulate crypto mining attacks?

agardnerIT · Jun 12 '23 12:06

The ad-service contains a Zip Slip vulnerability that can be exploited to override the JavaScript file that gets loaded on every ad request, so if you exploit that vulnerability and ship a (fake) cryptominer JS file, your use case should be covered.

See: https://github.com/dynatrace-oss/unguard/tree/main/exploit-toolkit/exploits/zip-slip#exploitation

I think it is a cool idea, and we could go on to include it as an example exploit.

W3D3 · Jun 16 '23 06:06
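The Zip Slip pattern mentioned in the reply above, shown as an added example that is not code from unguard or from either commenter: a naive extractor next to a hardened one that rejects any archive containing an entry that resolves outside the extraction directory. The directory names (`uploads`, `served/ad.js`) and the archive contents are constructed for the demonstration and are not the ad-service's real layout.

```python
import io
import tempfile
import zipfile
from pathlib import Path

def naive_extract(zip_bytes, dest):
    """Vulnerable pattern: entry names are joined to dest without validation."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = dest / info.filename  # "../" segments survive the join
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))

def safe_extract(zip_bytes, dest):
    """Hardened pattern: resolve every target and reject the archive on escape."""
    dest = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = []
        for info in zf.infolist():  # validate every entry before writing any
            target = (dest / info.filename.replace("\\", "/")).resolve()
            if not target.is_relative_to(dest):  # Python 3.9+
                raise ValueError(f"entry escapes extraction dir: {info.filename}")
            plan.append((info, target))
        for info, target in plan:
            if not info.is_dir():
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
        return [t.relative_to(dest).as_posix() for _, t in plan]

def demo():
    """Constructed layout: uploads/ receives archives, served/ad.js is the script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # constructed sample archive
        zf.writestr("banner.png", b"img")
        zf.writestr("../served/ad.js", b"REPLACED")
    with tempfile.TemporaryDirectory() as tmp:
        uploads, script = Path(tmp, "uploads"), Path(tmp, "served", "ad.js")
        uploads.mkdir()
        script.parent.mkdir()
        script.write_bytes(b"ORIGINAL")
        rejected = None
        try:
            safe_extract(buf.getvalue(), uploads)
        except ValueError as exc:
            rejected = str(exc)
        after_safe, partial = script.read_bytes(), (uploads / "banner.png").exists()
        naive_extract(buf.getvalue(), uploads)  # overwrites the served script
        return rejected, after_safe, partial, script.read_bytes()
```

Because `safe_extract` validates the whole archive before writing, a rejected upload leaves no partial files behind, which also makes the rejection a clean event to log and alert on.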