Dive into a DEF CON 32 conference talk that reveals advanced exploitation techniques discovered during the Kibana Bug Bounty Program, focusing on vulnerabilities in modern JavaScript and TypeScript applications. Learn how to transform seemingly unexploitable vulnerabilities into significant security breaches, including methods for breaking out of isolated containers with RCE-by-design scenarios. Explore multiple case studies of Prototype Pollutions that can crash applications within seconds and understand how these vulnerabilities can be escalated into critical Remote Code Executions. Discover new primitives and gadgets that enable RCE exploitation from previously dismissed Prototype Pollution vulnerabilities. Gain practical insights into complex vulnerability chains in JavaScript applications while understanding essential defense mechanisms and mitigation strategies to protect against these sophisticated attack vectors.
Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana
Overview
Syllabus
DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov
Taught by
DEFCONConference
Related Courses
-
Prototype Pollution Leading to Remote Code Execution in NodeJS
-
Top War Stories from Bug Bounty Hunting - High-Severity Exploits and Discoveries
-
The Darkest Side of Bug Bounty - Understanding Problems and Solutions in Bug Bounty Programs
-
Practical Exploitation of DoS in Bug Bounty Programs
-
Terminally Owned - 60 Years of Terminal Escape Code Vulnerabilities
