Room for Escape - Scribbling Outside the Lines of Template Security

Offered By: Black Hat via YouTube

Course Description

Overview

Explore a Black Hat conference talk that delves into the security vulnerabilities of Content Management Systems (CMS) and collaboration platforms. Learn about the potential risks associated with template engines, safe mode attacks, and object data sources. Discover how attackers can exploit design mode, web configurations, and unsafe decentralization in popular platforms like SharePoint. Gain insights into template API analysis, object dumpster diving, and time-of-use problems. Understand the importance of proper security measures in digital communication and collaboration tools through real-world examples and attack demonstrations. Equip yourself with knowledge to better protect your organization's content pipelines and workforce collaboration platforms.

Syllabus

Introduction
Security Basics
Page Filter
Server Side Components
Safe Mode
Safe Mode Attacks
Object Data Source
Validation Key
Content Management System
Access to Resources
Design Mode
Web Config
Safe Control List
MicroView Control
Side Page
Example
Attack Demo
Unsafe Decentralization
Vulnerability in SharePoint Server
Time of Use Problems
Web Part Editing
Verify Control
Template Engines
Template API
Analysis
Object Dumpster Diving
FreeMarker
Summary
QA Announcement


Taught by

Black Hat
