Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana

DEFCONConference via YouTube

Overview

Dive into a DEF CON 32 conference talk that reveals advanced exploitation techniques discovered during the Kibana Bug Bounty Program, focusing on vulnerabilities in modern JavaScript and TypeScript applications. Learn how to transform seemingly unexploitable vulnerabilities into significant security breaches, including methods for breaking out of isolated containers with RCE-by-design scenarios. Explore multiple case studies of Prototype Pollutions that can crash applications within seconds and understand how these vulnerabilities can be escalated into critical Remote Code Executions. Discover new primitives and gadgets that enable RCE exploitation from previously dismissed Prototype Pollution vulnerabilities. Gain practical insights into complex vulnerability chains in JavaScript applications while understanding essential defense mechanisms and mitigation strategies to protect against these sophisticated attack vectors.

Syllabus

DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov

Taught by

DEFCONConference

Reviews

Start your review of Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.