Completed
Outline
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Web Cache Entanglement - Novel Pathways to Poisoning
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Unanswered questions in cache poisoning
- 3 Outline
- 4 Recap: cache poisoning concept
- 5 Recap: Practical Web Cache Poisoning (2018) Keyed GET /research?x=1 HTTP/1.1
- 6 Methodology
- 7 Unkeyed port
- 8 Unkeyed query detection
- 9 Unkeyed query effect Hides obvious XSS from pentesters & bug bounty hunters
- 10 Redirect Dos gadget
- 11 Cache parameter cloaking: Akamai?
- 12 Parameter cloaking: Rack::Cache?
- 13 Parameter cloaking: Ruby on Rails
- 14 Dynamic resource gadget
- 15 Unkeyed method
- 16 Local redirect gadget
- 17 Cache key normalisation
- 18 Normalisation gadgets - XSS
- 19 Cache key injection - Akamai
- 20 Cache key injection - Cloudflare? Select Prote Cloudflare documentation
- 21 Application Cache Poisoning - Adobe
- 22 Blind Internal Cache Poisoning - DoD
- 23 Recognising internal cache poisoning
- 24 Param Miner
- 25 Further Reading