Viral Video - Exploiting SSRF in Video Converters
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the critical security vulnerability of Server-Side Request Forgery (SSRF) in video converters during this Black Hat conference talk. Delve into how popular video processing tools like ffmpeg can be exploited through HLS (m3u8) playlist processing, potentially leading to full service takeovers. Learn about the implementation details that allow attackers to read files from video conversion servers and gain unauthorized access to cloud-based services. Discover a powerful tool for detecting and exploiting this vulnerability, and witness demonstrations of successful attacks on major platforms like Facebook, Telegram, Microsoft Azure, Flickr, Twitter, and Imgur. Gain valuable insights into the far-reaching implications of this "viral" video exploit and its impact on web application security.
Syllabus
Viral Video - Exploiting SSRF in Video Converters
Taught by
Black Hat
Related Courses
OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)Cybrary Popular Web Attacks - XSS, CSRF, SSRF, SQL Injection, MIME Sniffing, Smuggling and More
Hussein Nasser via YouTube API-Induced SSRF - How Apple Pay Scattered Vulnerabilities Across the Web
Black Hat via YouTube A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages
Black Hat via YouTube SSRF PWNs - New Techniques and Stories
Hack In The Box Security Conference via YouTube