Project MVP Hacking and Protecting SharePoint

Explore SharePoint security vulnerabilities and protection strategies in this 21-minute conference talk from Derbycon 2016. Dive into the world of SharePoint hacking and defense, covering topics such as SharePoint architecture, common attack vectors, and essential security measures. Learn about authentication bypass techniques, discover critical SharePoint URLs to search for vulnerabilities, and gain insights into the mindset of SharePoint hackers. Understand the differences between SharePoint Standard and Enterprise editions, and examine a sample SharePoint team site to identify potential weak points. Engage with practical demonstrations and real-world examples to enhance your knowledge of SharePoint security. Conclude with valuable final thoughts and a Q&A session to address specific concerns and deepen your understanding of SharePoint protection strategies.

Intro
Comics, Sci-Fi, Net Runner
Love Hardware
Learning Objective
Microsoft SharePoint Standard
SharePoint Enterprise
Sample SharePoint Team Site
SharePoint Farm Architecture
Internet Information Server
SharePoint Server CVE Details
Who are the SharePoint Hackers Hackers / Pentesters
Hacking Methods
SharePoint URLS TO Search
Switch to DEMO
Authentication - Punch a hole thru the wall
inurl:"spdisco.aspx"
Final Thoughts
Questions and Answers