Web Cache Entanglement - Novel Pathways to Poisoning


Black Hat via YouTube


Classroom Contents


  1. Intro
  2. Unanswered questions in cache poisoning
  3. Outline
  4. Recap: cache poisoning concept
  5. Recap: Practical Web Cache Poisoning (2018) Keyed GET /research?x=1 HTTP/1.1
  6. Methodology
  7. Unkeyed port
  8. Unkeyed query detection
  9. Unkeyed query effect Hides obvious XSS from pentesters & bug bounty hunters
  10. Redirect DoS gadget
  11. Cache parameter cloaking: Akamai?
  12. Parameter cloaking: Rack::Cache?
  13. Parameter cloaking: Ruby on Rails
  14. Dynamic resource gadget
  15. Unkeyed method
  16. Local redirect gadget
  17. Cache key normalisation
  18. Normalisation gadgets - XSS
  19. Cache key injection - Akamai
  20. Cache key injection - Cloudflare? Select Prote Cloudflare documentation
  21. Application Cache Poisoning - Adobe
  22. Blind Internal Cache Poisoning - DoD
  23. Recognising internal cache poisoning
  24. Param Miner
  25. Further Reading
