Exploiting IPC With New Desynchronization Primitives
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore advanced HTTP exploitation techniques targeting SAP's Internet Communication Manager in this conference talk from Hack In The Box Security Conference. Delve into two critical memory corruption vulnerabilities, CVE-2022-22536 and CVE-2022-22532, that affected 90% of Fortune 500 companies. Learn how to leverage these vulnerabilities using high-level protocol exploitation methods, including HTTP Smuggling and a new technique for system takeover without proxies. Discover the first Desync botnet using only JavaScript and Client-Side Desynchronization. Examine a Use After Free vulnerability in shared memory buffers for Inter-Process Communication, and explore methods for corrupting HTTP backend server caches using Response Smuggling. Gain insights into obtaining Remote Code Execution by corrupting address pointers. Analyze these exploitation techniques across various HTTP servers and review defensive strategies for developers and web architects. Learn about a detection tool for CVE-2022-22536 and the global impact of these "ICMAD" vulnerabilities on enterprise security.
Syllabus
#HITB2023AMS D2T2 - Exploiting IPC With New Desynchronization Primitives - Martin Doyhenard
Taught by
Hack In The Box Security Conference
Related Courses
Browser Hacking With ANGLEHack In The Box Security Conference via YouTube Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube