Exploiting IPC With New Desynchronization Primitives
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore advanced HTTP exploitation techniques targeting SAP's Internet Communication Manager in this conference talk from Hack In The Box Security Conference. Delve into two critical memory corruption vulnerabilities, CVE-2022-22536 and CVE-2022-22532, that affected 90% of Fortune 500 companies. Learn how to leverage these vulnerabilities using high-level protocol exploitation methods, including HTTP Smuggling and a new technique for system takeover without proxies. Discover the first Desync botnet using only JavaScript and Client-Side Desynchronization. Examine a Use After Free vulnerability in shared memory buffers for Inter-Process Communication, and explore methods for corrupting HTTP backend server caches using Response Smuggling. Gain insights into obtaining Remote Code Execution by corrupting address pointers. Analyze these exploitation techniques across various HTTP servers and review defensive strategies for developers and web architects. Learn about a detection tool for CVE-2022-22536 and the global impact of these "ICMAD" vulnerabilities on enterprise security.
Syllabus
#HITB2023AMS D2T2 - Exploiting IPC With New Desynchronization Primitives - Martin Doyhenard
Taught by
Hack In The Box Security Conference
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network