Listen Top Shows Blog

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Update: 2018-08-28

Share

Description

Modern web applications are composed from a crude patchwork of caches and content delivery networks. In this session I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.

By James Kettle

Full Abstract & Presentation Materials: https://www.blackhat.com/us-18/briefings/schedule/#practical-web-cache-poisoning-redefining-unexploitable-10200

Comments

In Channel

Black Hat USA 2019 Keynote: Every Security Team is a Software Team Now by Dino Dai Zovi

Black Hat USA 2019 Keynote: Every Security Team is a Software Team Now by Dino Dai Zovi

2019-08-2601:04:10

Preview: The Future of Securing Intelligent Electronic Devices Using IEC 62351- 7

Preview: The Future of Securing Intelligent Electronic Devices Using IEC 62351- 7

2019-07-2904:24

The Emerging Threat Landscape with Phil Montgomery, FireEye

The Emerging Threat Landscape with Phil Montgomery, FireEye

2019-07-2509:21

Driving Cyber Resiliency of IoT Devices with Active Management & Cyber Hygiene

Driving Cyber Resiliency of IoT Devices with Active Management & Cyber Hygiene

2019-05-2311:32

CQTools: The New Ultimate Hacking Toolkit

CQTools: The New Ultimate Hacking Toolkit

2019-05-0601:01:55

Your Guide to An Integrated Threat Intelligence Strategy

Your Guide to An Integrated Threat Intelligence Strategy

2019-04-2510:04

Black Hat Asia 2019 Keynote: The Next Arms Race

Black Hat Asia 2019 Keynote: The Next Arms Race

2019-04-2258:05

Open Sesame: Picking Locks with Cortana

Open Sesame: Picking Locks with Cortana

2019-02-0546:25

BLEEDINGBIT: Your APs Belong to Us

BLEEDINGBIT: Your APs Belong to Us

2018-12-1946:51

Attacking and Defending Blockchains: From Horror Stories to Secure Wallets

Attacking and Defending Blockchains: From Horror Stories to Secure Wallets

2018-12-1948:41

Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling

Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling

2018-12-1926:14

DeepPhish: Simulating Malicious AI

DeepPhish: Simulating Malicious AI

2018-12-1950:54

Black Hat Europe 2018 Keynote

Black Hat Europe 2018 Keynote

2018-12-1945:08

Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library

Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library

2018-08-2839:32

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Practical Web Cache Poisoning: Redefining 'Unexploitable'

2018-08-2843:54

An Attacker Looks at Docker: Approaching Multi-Container Applications

An Attacker Looks at Docker: Approaching Multi-Container Applications

2018-08-2838:56

SirenJack: Cracking a 'Secure' Emergency Warning Siren System

SirenJack: Cracking a 'Secure' Emergency Warning Siren System

2018-08-2851:20

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

2018-08-2850:51

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs

2018-08-2850:59

Fire & Ice: Making and Breaking macOS Firewalls

Fire & Ice: Making and Breaking macOS Firewalls

2018-08-2825:19

00:00

00:00

x

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Black Hat