Cracking the Lens - Targeting HTTP's Hidden Attack-Surface
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the hidden attack surface of modern websites in this 44-minute Black Hat conference talk. Delve into the often-overlooked vulnerabilities within transparent systems designed to enhance performance, extract analytics, and provide additional services. Learn about exploiting collaboration features, chaining proxy servers, and leveraging off-the-shelf exploits. Discover techniques for targeting internal networks, extracting profile headers, and utilizing Referer headers. Gain insights into reverse proxy fetching, collaboration vulnerabilities, and replication methods. Understand prevention strategies and walk away with a comprehensive summary of this critical aspect of web security.
Syllabus
Introduction
Trace Routes
Outline
Collab Everywhere
Who Did I Target
Exploits
Impact
Chaining Proxy Servers
New Relic Internal Network
GlobalEEKS
Exploiting Helpers
Extract Profile Header
Referer Header
Off-the-shelf Exploits
What else can you do
Hack Ability
Final Exploit
Reverse Proxy Fetch
Collaborate
Facebook
Collaboration Everywhere
Replication
Prevention
Summary
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube