Gotta Cache Em All - Bending the Rules of Web Cache Exploitation

Ekoparty Security Conference via YouTube

Overview

Explore cutting-edge web cache exploitation techniques in this conference talk from Ekoparty Security Conference 2024. Dive deep into two powerful new techniques that leverage RFC ambiguities to bypass traditional web cache deception and poisoning attack limitations. Learn about Static Path Deception through real-world case studies demonstrating how to compromise application confidentiality in Nginx-Cloudflare and Apache-CloudFront environments. Discover Cache Key Confusion and its implementation to achieve arbitrary cache poisoning and denial of service in major platforms like Microsoft Azure Cloud and OpenAI. Watch a live demonstration combining Cache Key Confusion with open redirect vulnerabilities to execute cross-domain JavaScript code by manipulating static file responses. Master HTTP/0.9 request smuggling techniques for generating custom responses with arbitrary cache keys to gain complete control over vulnerable websites. Gain access to an open-source vulnerability detection tool and hands-on lab environment to practice advanced cache exploitation skills and develop a comprehensive methodology for identifying URL and HTTP discrepancies.

Syllabus

Gotta Cache Em All: Bending the rules of web cache exploitation - Martin Doyhenard - Ekoparty 2024

Taught by

Ekoparty Security Conference
