Offensive XSLT - Nicolas Gregoire - Hack in Paris
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore the security implications of XSLT engines in this 49-minute conference talk from Hack in Paris. Delve into the systematic and bottom-up approach to uncovering high-impact vulnerabilities in applications utilizing XSLT engines. Learn about the research plan, software complexity, and accessibility of XSLT functionalities. Examine real-world examples and methodologies, including impacts on various platforms like Safari, Linux, iPhone, and PHP. Discover how XSLT transformations can be exploited, and understand the potential for attacks through XML, SecXSLT, and other vectors. Gain insights into vendor responses and the broader implications for cybersecurity.
Syllabus
Introduction
Research Plan
Software Complexity
BottomUp Approach
Accessibility
Example
Methodology
Accessibility XSLT
Research
New XSLT
Altova
Who is impacted
Safari
Linux
iPhone
PHP
Google
XSLT Transformation
XMLSec
XSLT Engine
PHP GSP
JSP
Metasploit
Maccon
USB attacks
Vendors
Taught by
Hack in Paris
Related Courses
NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in ParisHack in Paris via YouTube All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Hack in Paris via YouTube Exploits in Wetware - R. Sell - Hack in Paris - 2019
Hack in Paris via YouTube All Your GPS Trackers Belong to Us - C. Kasmi, P. Barre - Hack in Paris - 2019
Hack in Paris via YouTube In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass - E. Carroll - Hack in Paris - 2019
Hack in Paris via YouTube