Web Cache Entanglement - Novel Pathways to Poisoning
Offered By: Black Hat via YouTube
Course Description
Overview
Syllabus
Intro
Unanswered questions in cache poisoning
Outline
Recap: cache poisoning concept
Recap: Practical Web Cache Poisoning (2018) - Keyed: GET /research?x=1 HTTP/1.1
Methodology
Unkeyed port
Unkeyed query detection
Unkeyed query effect: hides obvious XSS from pentesters & bug bounty hunters
Redirect DoS gadget
Cache parameter cloaking: Akamai?
Parameter cloaking: Rack::Cache?
Parameter cloaking: Ruby on Rails
Dynamic resource gadget
Unkeyed method
Local redirect gadget
Cache key normalisation
Normalisation gadgets - XSS
Cache key injection - Akamai
Cache key injection - Cloudflare? (Cloudflare documentation)
Application Cache Poisoning - Adobe
Blind Internal Cache Poisoning - DoD
Recognising internal cache poisoning
Param Miner
Further Reading
Taught by
Black Hat
Related Courses
Practical HTTP Header Smuggling - Sneaking Past Reverse Proxies to Attack AWS and Beyond
Black Hat via YouTube
HTTP Desync Attacks - Request Smuggling Reborn
Black Hat via YouTube
HTTP Desync Attacks - Smashing into the Cell Next Door
Black Hat via YouTube
Host of Troubles - Multiple Host Ambiguities in HTTP Implementations
Association for Computing Machinery (ACM) via YouTube
Request Smuggling 101
NorthSec via YouTube