Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bypass Surgery - Abusing Content Delivery Networks

Black Hat via YouTube

Overview

Explore the vulnerabilities and attack patterns affecting Content Delivery Networks (CDNs) in this Black Hat conference talk. Delve into the potential consequences of exploiting CDN weaknesses, including unauthorized access to sensitive information and financial accounts. Learn about the research uncovering general attack patterns against high-availability website infrastructure. Discover techniques such as SRV record enumeration, internal network assessment, and SSRF tools. Examine the differences between JavaScript and Flash in terms of security, and understand the implications of crossdomain.xml files. Investigate methods for bypassing HTTP Content Security Policy and potential remediation strategies. Gain insights into future security research directions in this critical area of web infrastructure.

Syllabus

Intro
Matthew Bryant (mandatory)
Content Delivery Networks
What happened?
A Divided Penetration Testing Scope
SRV Record Enumeration
subbrute - Internal Network Assessment
NOERROR?
Server Trust
Search for Cross Domain Proxy
SSRF tools
Access to the Web Server's localhost
Access to Internal Network Hardware
SSRF Questions
What's an origin?
Differences between JavaScript and Flash
Example Crossdomain.xml File
The Check
FlowPlayer Bypass #1 - The Bypass
Full Exploit Flow
Bypassing HTTP Content Security Policy
Remediation
Future Security Research

Taught by

Black Hat

Reviews

Start your review of Bypass Surgery - Abusing Content Delivery Networks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.