A Pre-Auth RCE on Leading SSL VPNs

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses, Cybersecurity Courses, Remote Code Execution (RCE) Courses, Security Research Courses, SSL VPNs Courses

Course Description

Overview

Explore a critical security vulnerability in leading SSL VPNs through this 57-minute conference talk from the Hack In The Box Security Conference. Discover how pre-authentication remote code execution (RCE) vulnerabilities affect nearly half of Fortune 500 companies and numerous government organizations. Learn about the discovery of a "magic" backdoor allowing unauthorized password changes, and witness demonstrations of gaining root shell access, weaponizing servers against their owners, and exploiting hidden features to compromise VPN clients. Delve into advanced web and binary exploitation techniques, including Apache jemalloc exploitation and web architecture vulnerabilities. Gain insights into post-exploitation strategies, attack vectors against SSL VPNs, and general hardening actions to mitigate potential zero-day threats. Understand the far-reaching implications of these vulnerabilities and the importance of viewing SSL VPNs not just as Virtual Private Networks, but as potential "Vulnerable Points of your Network."

Syllabus

#HITBGSEC D1: A Pre-Auth RCE On Leading SSL VPNs - Orange Tsai and Tingyi Chang


Taught by

Hack In The Box Security Conference

Related Courses

OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF) (Cybrary)
From Software Engineer to Security Researcher - Suz Hinton's Career Journey (freeCodeCamp)
Assembly Language Adventures (1): Counting with two digits (Udemy)
Assembly Language Adventures: Complete Course (Udemy)
Reticle Dropping - An Intelligent F-BOMB (YouTube)