Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

H@cktivitycon 2020 - Graphing Out Internal Networks with CVE-2020-13379 - Unauthed Grafana SSRF

HackerOne via YouTube

Overview

Explore a comprehensive conference talk detailing the discovery, exploitation, and impact of CVE-2020-13379, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Grafana. Dive into the methodology for identifying security vulnerabilities in open-source software, focusing on goal-setting, pinpointing areas of interest, and persistence in research. Witness a live demonstration of the bug, including a working Proof of Concept (PoC) and an exploitation kit, while learning about escalation techniques and the implications for companies with Grafana instances in DMZs or internal networks. Gain insights into the bug reporting process across different vendors, the challenges and rewards of mass-exploitation in bug bounty programs, and the value of collaboration within the hacking community. This 30-minute presentation from h@cktivitycon 2020 offers a deep dive into a critical vulnerability that affected thousands of companies, providing valuable lessons for both offensive and defensive security professionals.

Syllabus

h@cktivitycon 2020: Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF)

Taught by

HackerOne

Reviews

Start your review of H@cktivitycon 2020 - Graphing Out Internal Networks with CVE-2020-13379 - Unauthed Grafana SSRF

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.