Backslash Powered Scanning: Implementing Human Intuition

-

 

 BACKSLASH POWERED SCANNING

 

 

 Presented at NorthSec 2017, Unknown date/time (Unknown duration)

Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures - almost like an anti-virus. In November I released an open-source scanner that takes an alternative approach, capable of finding and confirming both known and unknown classes of injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many associated benefits including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering. In this presentation, I'll share with you key insights from the conception of this scanner, through development, to unleashing it on several thousand websites. Then I'll go further and explore the offensive depth this scanner can reach, unveiling previously unseen salvos capable of automatically escalating middling vulnerabilities like HPP and JSON injection to RCE. As you might expect from a scanner designed to find high-hanging fruit, the issues it spots aren't always easy to comprehend or exploit. I'll show how to handle its most confounding and entertaining findings, leaving you equipped to deploy it to maximum effect, and adapt and refine it to complement your testing. 



Presenters:

  • James Kettle / albinowax as James Kettle
    James Kettle is Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on techniques to detect unknown classes of vulnerabilities, and exploiting subtle CORS misconfigurations in bitcoin exchanges. James has extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. He has spoken at numerous prestigious venues including both BlackHat USA and EU, and OWASP AppSec USA and EU. 

 

 

Links:

 

 

 


Komentar

Posting Komentar

Postingan populer dari blog ini

OWASP Top 10 Security Risks and Vulnerabilities

-
Gambar
       About 90% of applications have serious vulnerabilities. OWASP, which regularly analyzes    weaknesses and attacks on Web applications, has compiled OWASP TOP-10 - the list of the   most dangerous vulnerabilities. What Is OWASP Top 10 Vulnerability List? OWASP Top 10 is one of the organization's best-known projects. OWASP Top 10 is a ranking of the ten most dangerous information security risks for web applications, compiled by a community of industry experts. For each point of the rating, the risk is calculated by experts based on the OWASP Risk Rating Methodology and includes an assessment of Weakness Prevalence, Weakness Detectability and Exploitability, as well as the criticality of the consequences of their operation or Technical Impacts. For obvious reasons, risk severity assessments do not take into account the business consequences of their implementation. Where possible, the names of the risks in the rating correspond to the names of the similar vulnerab
Baca selengkapnya