YoVDO

XMPP Stanza Smuggling or How I Hacked Zoom

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Software Security Courses Network Protocols Courses XML parsing Courses

Course Description

Overview

Explore a groundbreaking security vulnerability in XMPP-based applications through this 36-minute Black Hat conference talk. Delve into the concept of XMPP stanza smuggling, a novel attack vector targeting XMPP client software. Discover how subtle XML parsing quirks can be exploited to inject attacker-controlled XMPP control messages into victim clients, and understand why the XMPP protocol's design makes it particularly vulnerable to such attacks. Learn how this technique led to a zero-click remote code execution vulnerability in the Zoom client. Presented by Ivan Fratric, this talk provides valuable insights for security professionals, developers, and anyone interested in messaging protocol security.

Syllabus

XMPP Stanza Smuggling or How I Hacked Zoom


Taught by

Black Hat

Related Courses

Computer Security
Stanford University via Coursera
Cryptography II
Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Building an Information Risk Management Toolkit
University of Washington via Coursera
Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network