Overview
Dive into a DEF CON 32 conference talk that reveals advanced exploitation techniques discovered during the Kibana Bug Bounty Program, focusing on vulnerabilities in modern JavaScript and TypeScript applications. Learn how to transform seemingly unexploitable vulnerabilities into significant security breaches, including methods for breaking out of isolated containers with RCE-by-design scenarios. Explore multiple case studies of Prototype Pollutions that can crash applications within seconds and understand how these vulnerabilities can be escalated into critical Remote Code Executions. Discover new primitives and gadgets that enable RCE exploitation from previously dismissed Prototype Pollution vulnerabilities. Gain practical insights into complex vulnerability chains in JavaScript applications while understanding essential defense mechanisms and mitigation strategies to protect against these sophisticated attack vectors.
Syllabus
DEF CON 32 - Exploiting the Unexploitable: Insights from the Kibana Bug Bounty - Mikhail Shcherbakov
Taught by
DEFCONConference