Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Template Injection on Hardened Targets

Hack In The Box Security Conference via YouTube

Overview

Explore advanced template injection techniques for hardened environments in this comprehensive workshop from the Hack In The Box Security Conference. Delve into exploiting Python with Flask/Jinja2 and JavaScript with Express/Vue, focusing on containerized applications with limited privileges and read-only file systems. Build custom Python tools to tackle increasingly difficult challenges, expanding on James Kettle's 2015 Black Hat presentation on template injections leading to code execution. Gain hands-on experience in crafting specialized attacks for well-isolated containers, where traditional code execution may have limited impact. Prerequisite knowledge includes experience with Python/JavaScript and basic Docker skills. Led by BitK, a renowned French security researcher and bug hunter, this session offers valuable insights for both CTF enthusiasts and professional penetration testers looking to enhance their web exploitation skills in modern, hardened deployment scenarios.

Syllabus

#HITB2022SIN #LAB Template Injection On Hardened Targets - Lucas ‘BitK’ Philippe

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Template Injection on Hardened Targets

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.