Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls

DEFCONConference via YouTube

Overview

Explore email address parsing vulnerabilities and exploitation techniques in this DEF CON 32 conference talk that delves into RFC-compliant email address manipulation. Learn how ancient RFC specifications create opportunities for bypassing security controls through parser inconsistencies. Discover methods for crafting specially formatted email addresses that can circumvent organizational defenses, spoof domains, penetrate 'Zero Trust' systems, and bypass employee-only registration restrictions. Master techniques for transforming seemingly innocent inputs into malicious payloads that can trigger email misrouting and blind CSS injection attacks. Gain hands-on experience through a provided CTF challenge and receive a comprehensive methodology and toolkit for identifying and exploiting email parser vulnerabilities in real-world targets.

Syllabus

DEF CON 32 - Splitting the email atom exploiting parsers to bypass access controls - Gareth Heyes

Taught by

DEFCONConference
