SSRF vs Business Critical Applications
Offered By: Black Hat via YouTube
Course Description
Overview
Syllabus
Intro
2 ERP Scan
Enterprise applications: Definitions
Business-critical systems architecture
Secure corporate network
Corporate network attack scenario
SSRF History: Basics
SSRF history: World research
Trusted SSRF: Oracle Database
SSRF Types: SAP
Remote SSRF: Subtypes
Simple Remote SSRF: Login bruteforce
XXE Attacks on other services
Full Remote SSRF
Remote SSRF threats
XXE Tunneling to Verb Tampering
XXE Tunneling to Buffer Overflow (Hint 2)
XXE Tunneling to Buffer Overflow: Packet B
XXE Tunneling to Buffer Overflow (Hint 3)
XXE Tunneling to Rsh
Bypass SAP security restrictions
SAP Gateway server security bypass: Exploit
SAP Message Server security bypass
Oracle DB security bypass
Conclusion?
Purpose
How is it working?
Few steps
Action: Test
Action: Scan
Action: Attack
DEMO
Taught by
Black Hat
Related Courses
Blockchain Scalability and its Foundations in Distributed SystemsThe University of Sydney via Coursera Don's Introduction to Ethical Hacking for Beginners
Udemy Hacking und Netzwerkanalyse mit Wireshark - Der Komplettkurs
Udemy Penetration Testing of Identity, Authentication and Authorization Mechanism
Pluralsight ASP.NET MVC 5 Identity: Authentication and Authorization
LinkedIn Learning