YoVDO

The Best Laid Schemes - Attacking URL Schemes

Offered By: Hack In The Box Security Conference via YouTube

Course Description

Overview

Explore an innovative attack route that uses URL schemes in this conference talk from the Hack In The Box Security Conference. The talk covers the background of URL and URI schemes and examines their similarities and differences. It shows how URL schemes can be leveraged and exploited to expand attack surfaces and overcome limitations in current SSRF and XXE attack methods. It investigates the URL scheme attack surfaces exposed through various browsers across different platforms and analyzes potential client vulnerabilities that result from rendering these URL schemes. It also presents a previously undisclosed 0day vulnerability in the Mozilla Firefox web browser that leads to arbitrary code execution. The speaker, Yu Hong, is an independent security researcher with over 7 years of experience in web security research and web application penetration testing, who has contributed to vulnerability discoveries acknowledged by major tech companies.

Syllabus

#HITB2017AMS D2T2 - The Best Laid Schemes: Attacking URL Schemes - Yu Hong


Taught by

Hack In The Box Security Conference
