Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

SSRF PWNs - New Techniques and Stories

Hack In The Box Security Conference via YouTube

Overview

Explore advanced Server-Side Request Forgery (SSRF) techniques and real-world exploitation stories in this 48-minute conference talk from the Hack In The Box Security Conference. Delve into new attack vectors, including memcached and PHP FastCGI exploits, and learn how to leverage SSRF for direct socket communication with various applications. Discover expanded protocol usage beyond standard network libraries and gain insights from a comprehensive SSRF cheatsheet. Examine case studies of SSRF-related vulnerabilities in major platforms, with a focus on exploits targeting Yandex, a leading Russian Internet company. Gain valuable knowledge on web application security, network perimeter bypassing, and cutting-edge SSRF attack methodologies from security experts Vladimir Vorontsov and Alexander Golovko.

Syllabus

Introduction
Previous techniques
Simple spoofing attacks
Reflection attack
Reflection attacks
TCP Fast Open
TCP Security Limitations
ARP Version 6
TCP First Open Concept Attack
Link Local Addresses
IP Version 6
Protocols
Which server is most secure
SSL Validator
Main Schema
yandex bug bounty
results
questions

Taught by

Hack In The Box Security Conference

Reviews

Start your review of SSRF PWNs - New Techniques and Stories

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.