Practical Web Cache Poisoning - Redefining 'Unexploitable'
Offered By: Black Hat via YouTube
Course Description
Overview
Explore practical web cache poisoning techniques in this 44-minute Black Hat conference talk by James Kettle. Delve into the vulnerabilities of modern web applications' caching systems and content delivery networks. Learn how to exploit esoteric web features to transform caches into exploit delivery systems, potentially affecting all visitors to a website's homepage. Discover the caching threat landscape, cache poisoning objectives, and methodologies. Examine topics such as cache keys, unkeyed input detection, DOM poisoning, and cross-cloud poisoning. Gain insights into defensive strategies and key takeaways for securing web applications against these sophisticated attacks.
Syllabus
Intro
Param Miner
Outline
Caching Threat Landscape
Cache poisoning objective
Cache keys
Cache key collisions
Cache Poisoning Methodology
Trusting headers
Unkeyed input detection
Explore and Inject
Seizing the Cache
Selective poisoning
DOM Poisoning
Mystery Interaction
Mozilla SHIELD
Chaining Unkeyed Inputs
Hidden Route Poisoning
Resource Hijacking
Open Graph hijacking
Cross-Cloud Poisoning: Cloudflare
Beyond fake hosts
External cache poison (1/3)
Internal cache poison (2/3)
Drupal Open redirect (3/3)
Combining ingredients
Defense
Takeaways
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube