SSRF vs Business Critical Applications

Black Hat via YouTube

Classroom Contents

  1. Intro
  2. 2 ERP Scan
  3. Enterprise applications: Definitions
  4. Business-critical systems architecture
  5. Secure corporate network
  6. Corporate network attack scenario
  7. SSRF History: Basics
  8. SSRF history: World research
  9. Trusted SSRF: Oracle Database
  10. SSRF Types: SAP
  11. Remote SSRF: Subtypes
  12. Simple Remote SSRF: Login bruteforce
  13. XXE Attacks on other services
  14. Full Remote SSRF
  15. Remote SSRF threats
  16. XXE Tunneling to Verb Tampering
  17. XXE Tunneling to Buffer Overflow (Hint 2)
  18. XXE Tunneling to Buffer Overflow: Packet B
  19. XXE Tunneling to Buffer Overflow (Hint 3)
  20. XXE Tunneling to Rsh
  21. Bypass SAP security restrictions
  22. SAP Gateway server security bypass: Exploit
  23. SAP Message Server security bypass
  24. Oracle DB security bypass
  25. Conclusion?
  26. Purpose
  27. How is it working?
  28. Few steps
  29. Action: Test
  30. Action: Scan
  31. Action: Attack
  32. DEMO
