Backslash Powered Scanning - Hunting Unknown Vulnerability Classes
Offered By: Black Hat via YouTube
Course Description
Overview
Explore an innovative approach to web vulnerability scanning in this Black Hat conference talk. Delve into the development of a new scanning technique that goes beyond traditional methods of searching for server-side injection vulnerabilities. Learn how this alternative approach can identify and confirm both known and unknown classes of injection vulnerabilities. Discover the journey from conception to implementation, including topics such as PortSwigger, security through obscurity, performance issues, and the challenges of scanning 2000 sites. Gain insights into specific vulnerability types like PHP code injection and Regex injection, as well as strategies for handling false positives and intelligence gathering. Understand the limitations of existing scanners and how this new methodology aims to overcome them, potentially revolutionizing the field of web security testing.
Syllabus
Introduction
Background
Outline
PortSwigger
Security through obscurity
Security through well-known languages
Scanners can't do that
What we need
Payload
Baseline
Response analysis
Performance issues
Random content
Cosmetic changes
Running the scanner on 2000 sites
Distributing damage
Scanning results
PHP code injection
Regex injection
False positives
Intelligence
ResearchGrade
Teslas
Input Enumeration
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube