FileCry The New Age Of XXE

Video Link: https://www.youtube.com/watch?v=yEL5Cwj1wJU



Duration: 33:27


Xml eXternal Entities (XXE) is one of the most deadly vulnerabilities on the Internet, and we will demonstrate how critical enterprise software packages are still vulnerable to these attacks today. In this action-packed presentation, we will demonstrate two 0-day vulnerabilities we identified in both popular server (Java) and client-side (Internet Explorer) technologies. The first vulnerability can be exploited with an attacker-controlled XML leading to arbitrary file exfiltration on a target server even with all the Java protections enabled. The second vulnerability allows an attacker to steal both arbitrary files on the local hard drive and secret information across origins with a malicious webpage, effectively bypassing the Same Origin Policy and breaching the web-local separation. Both exploits are reliable and do not depend on memory corruptions.

Join us as we take you through an exciting journey of finding and exploiting these vulnerabilities, and preventing this class of attacks in the future.
PRESENTED BY
Xiaoran Wang, Sergey Gorbaty

Black Hat - USA - 2015 Hacking conference






