DerbyCon 5.0 "Unity" - Bypass Surgery Abusing Content Delivery Networks

Speaker: Bishop Fox

It is rare for a single bug to leave almost every CDN vulnerable, but when it happens the possibilities are endless and potentially disastrous.

Imagine - a Facebook worm giving an attacker full access to your bank account completely unbeknownst to you, until seven Bentleys, plane tickets for a herd of llamas, a mink coat once owned by P. Diddy, and a single monster cable all show up on your next statement. What a nightmare.

But in all seriousness, thousands of websites relying on the most popular CDNs are at risk. While some applications may require a security bypass in order to work, these intentional bypasses can become a valuable link in an exploit chain. Our research has unveiled a collection of general attack patterns that can be used against the infrastructure that supports high-availability websites.

This is a story of exploit development with fascinating consequences.

Security Analyst Matthew Bryant and Security Associate Mike Brooks are set to speak at DerbyCon 5.0 "Unity": Bypass Surgery Abusing Content Delivery Networks With Server-Side Request Forgery (SSRF), Flash, and DNS.
