Practical Web Cache Poisoning - Redefining 'Unexploitable'

Black Hat via YouTube

Cache key collisions

7 of 29

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. Param Miner
  3. Outline
  4. Caching Threat Landscape
  5. Cache poisoning objective
  6. Cache keys
  7. Cache key collisions
  8. Cache Poisoning Methodology
  9. Trusting headers
  10. Unkeyed input detection
  11. Explore and Inject
  12. Seizing the Cache
  13. Selective poisoning
  14. DOM Poisoning
  15. Mystery Interaction
  16. Mozilla SHIELD
  17. Chaining Unkeyed Inputs
  18. Hidden Route Poisoning
  19. Resource Hijacking
  20. hackxor
  21. Open Graph hijacking
  22. Cross-Cloud Poisoning: Cloudflare
  23. Beyond fake hosts
  24. External cache poison (1/3)
  25. Internal cache poison (2/3)
  26. Drupal Open redirect (3/3)
  27. Combining ingredients
  28. Defense
  29. Takeaways
