XMPP Stanza Smuggling or How I Hacked Zoom
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a groundbreaking security vulnerability in XMPP-based applications through this 36-minute Black Hat conference talk. Delve into the concept of XMPP stanza smuggling, a novel attack vector targeting XMPP client software. Discover how subtle XML parsing quirks can be exploited to inject attacker-controlled XMPP control messages into victim clients, and understand why the XMPP protocol's design makes it particularly vulnerable to such attacks. Learn how this technique led to a zero-click remote code execution vulnerability in the Zoom client. Presented by Ivan Fratric, this talk provides valuable insights for security professionals, developers, and anyone interested in messaging protocol security.
Syllabus
XMPP Stanza Smuggling or How I Hacked Zoom
Taught by
Black Hat
Related Courses
Security Principles(ISC)² via Coursera A Strategic Approach to Cybersecurity
University of Maryland, College Park via Coursera FinTech for Finance and Business Leaders
ACCA via edX Access Control Concepts
(ISC)² via Coursera Access Controls
(ISC)² via Coursera