Circumventing Egress Filtering by Exploiting HTTP
Offered By: Security BSides London via YouTube
Course Description
Overview
Explore a Security BSides London conference talk on circumventing egress filtering through HTTP exploitation. Dive into the "transfer-encoding: chunked" mechanism for faster web shells, introduced during a red team engagement where traditional reverse and bind shells were ineffective. Learn about ChunkyTuna, a web shell that allows pivoting through compromised servers to reach deeper into target networks. Understand how this tool improves upon TUNNA by utilizing HTTP's chunked transfer encoding, offering near-direct access to STDIO streams of arbitrary processes or IO streams of TCP ports. Gain insights into advanced penetration testing techniques and network security vulnerabilities in this 23-minute presentation.
Syllabus
Circumventing egress filtering by exploiting HTTP - Lorenzo Grespan
Taught by
Security BSides London
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network