Initial compromise seems to be tied to the client side, but there are several attack vectors on the web side besides a simple RCE.
During this talk I will show 3 cases of getting the initial compromise through vulnerabilities found in application servers and thin client services, going from breaking the authentication process and escaping controls to how to solve some challenges during exploitation of what seems easy peasy. The objectives of this talk are: show how important it is to do good OSINT, build a good dictionary, manage escape sequences in thin client services, modify already developed exploits for our current target, and show the benefit for blue teams of having application security integrated with infrastructure/operations security.
Speaker(s): Walter Cuestas
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-08 11:00 (11:00 AM) PDT (UTC -07:00)
Event ends: 2020-08-08 12:00 (12:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:26 (UTC).
