Hunting Asynchronous Vulnerabilities
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore advanced techniques for uncovering hidden vulnerabilities in blackbox testing scenarios during this 33-minute conference talk from the 44CON Information Security Conference. Delve into the world of exploit-induced callbacks, a powerful method for detecting issues that may not present visible symptoms, such as blind second-order SQL injection and shell command injection via background processes. Learn how to extend callback techniques beyond basic examples to identify blind and asynchronous vulnerabilities across various technologies, including XXE, (DOM)XSS, SQL injection, SMTP, and XML injection. Examine a range of strategies for triggering application callbacks, from simple approaches to complex cross-technology exploit chains. Gain insights into managing the infrastructure required for automating the discovery of these elusive vulnerabilities, along with practical advice for implementing these techniques safely in production environments.
Syllabus
Hunting Asynchronous Vulnerabilities Presented By James Kettle
Taught by
44CON Information Security Conference
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network