Wednesday October 2, 2024 2:05pm - 2:40pm GMT+08
Out-of-band (OOB) tools such as Interact.sh and Burp Collaborator are powerful tools for penetration testers who want to find and exploit blind vulnerabilities. Blind vulnerabilities do not show any output in the response, which makes them hard to detect. OOB tools can make the vulnerable server send a request to a controlled server, where the tool captures the request and reveals the vulnerability. They are especially useful for finding SSRF, SQLi, XXE and RCE vulnerabilities, and can also be used to exfiltrate data from the target. They are often used in manual penetration testing, where pentesters or attackers send requests to the web server using these tools to identify the presence of a vulnerability. This also happened during exploitation of the Log4j and Text4Shell vulnerabilities, where mass scanning took place.

In this talk, we will discuss how to leverage the known concept of out-of-band testing to identify security vulnerabilities that are actively being tested for or exploited, using techniques such as process hierarchy validation and request baselining. We will also discuss how to identify and hunt for OOB adversarial infrastructure using techniques such as response fingerprinting, network analysis, and process execution logs. This will help defenders identify attacks, known or unknown, against web applications. The talk will also cover some case studies of real-world attacks where OOB tools were used or detected. It will give you a comprehensive overview of the techniques defenders can use to detect unusual out-of-band requests originating from web applications.
Speakers
Surya Subhash

Security Researcher, Microsoft
Subhash is a Security Engineer with Microsoft. Previously, he was a Red Teamer with EY & PwC (India practices). He's a blue teamer by day and a security researcher and red teamer by night. He is passionate about security research and creating new tools. He was a bug bounty hunter...
Room: Jasmine Ballroom Marina Bay Sands Convention Center