Explore advanced template injection techniques for hardened environments in this comprehensive workshop from the Hack In The Box Security Conference. Delve into exploiting Python with Flask/Jinja2 and JavaScript with Express/Vue, focusing on containerized applications with limited privileges and read-only file systems. Build custom Python tools to tackle increasingly difficult challenges, expanding on James Kettle's 2015 Black Hat presentation on template injections leading to code execution. Gain hands-on experience in crafting specialized attacks for well-isolated containers, where traditional code execution may have limited impact. Prerequisite knowledge includes experience with Python/JavaScript and basic Docker skills. Led by BitK, a renowned French security researcher and bug hunter, this session offers valuable insights for both CTF enthusiasts and professional penetration testers looking to enhance their web exploitation skills in modern, hardened deployment scenarios.
Overview
Syllabus
#HITB2022SIN #LAB Template Injection On Hardened Targets - Lucas ‘BitK’ Philippe
Taught by
Hack In The Box Security Conference