A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS - Matthew Bryant Michael Brooks Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS
Matthew Bryant Michael Brooks
Derbycon 2015

It is unlikely when a bug affects almost every CDN and it becomes vulnerable, but when this happens the possibilities are endless and potentially disastrous. Imagine - a Facebook worm giving an attacker full access to your bank account completely unbeknownst to you, until seven Bentleys, plane tickets for a herd of llamas, a mink coat once owned by P. Diddy, and a single monster cable all show up on your next statement. What a nightmare. But in all seriousness, thousands of websites relying on the most popular CDNs are at risk. While some application requirements may need a security bypass in order to work, these intentional bypasses can become a valuable link in an exploit chain. Our research has unveiled a collection of general attack patterns that can be used against the infrastructure that supports high availability websites. This is a story of exploit development with fascinating consequences.

Mike Brooks (CISSP) is a Security Associate at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on software testing, application security assessments, source code review, blackbox penetration testing, and cryptography. Mike is an avid security researcher and contributes frequently to online vulnerability databases and security knowledge centers. He has researched and identified security vulnerabilities in dozens of software applications, including some severe enough to be assigned severity metrics from the Department of Homeland Security. The highest of these severity metrics rates in the top 500 most dangerous software flaws ever discovered. Mike is credited with the discovery of over 50 vulnerabilities with CVE entries, and was previously ranked in the top 10 of the Google AppSec Bug Bounty Program. As a Security Analyst at Bishop Fox, Matt Bryant focuses on web-based and mobile application penetration testing. Prior to joining Bishop Fox, Matt served as a web developer at Underground Computers. He has been quoted in publications, such as Ars Technica, and has presented at GrrCON.

@IAmMandatory

Back to Derbycon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast