Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exploiting IPC With New Desynchronization Primitives

Hack In The Box Security Conference via YouTube

Overview

Explore advanced HTTP exploitation techniques targeting SAP's Internet Communication Manager in this conference talk from Hack In The Box Security Conference. Delve into two critical memory corruption vulnerabilities, CVE-2022-22536 and CVE-2022-22532, that affected 90% of Fortune 500 companies. Learn how to leverage these vulnerabilities using high-level protocol exploitation methods, including HTTP Smuggling and a new technique for system takeover without proxies. Discover the first Desync botnet using only JavaScript and Client-Side Desynchronization. Examine a Use After Free vulnerability in shared memory buffers for Inter-Process Communication, and explore methods for corrupting HTTP backend server caches using Response Smuggling. Gain insights into obtaining Remote Code Execution by corrupting address pointers. Analyze these exploitation techniques across various HTTP servers and review defensive strategies for developers and web architects. Learn about a detection tool for CVE-2022-22536 and the global impact of these "ICMAD" vulnerabilities on enterprise security.

Syllabus

#HITB2023AMS D2T2 - Exploiting IPC With New Desynchronization Primitives - Martin Doyhenard

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Exploiting IPC With New Desynchronization Primitives

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.