Explore the dark potential of online advertising networks in this eye-opening LASCON conference talk. Discover how easily attackers can create massive JavaScript-driven browser botnets for pennies, leveraging ad networks to distribute malicious code at scale. Learn about the various attack vectors, including DDoS, email spam campaigns, hash cracking, and password brute-forcing, all achievable through simple HTML5 and JavaScript. Understand the power of Cross-Site Request Forgery (CSRF) attacks that require no zero-days or malware, leaving no traces behind. Examine the evolution of web attack methods and why advertising networks present a uniquely scalable and invisible threat. Dive into topics such as JavaScript malware, de-anonymization, intranet hacking, web workers, and distributed services. Witness live demonstrations of botnet creation and control, and grasp the implications of this easily accessible attack vector for web security.