Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures - almost like an anti-virus. Earlier this month I released an open-source scanner that takes an alternative approach, capable of finding and confirming both known and unknown classes of injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many associated benefits including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering. In this presentation, I'll share with you key insights from the conception of this scanner, through development, to unleashing it on several thousand websites. Then I'll go further and explore the offensive depth this scanner can reach, unveiling previously unseen salvos capable of automatically escalating middling vulnerabilities like HPP, regex injection and JSON injection to RCE. As you might expect from a scanner designed to find high-hanging fruit, the issues it spots aren't always easy to comprehend or exploit. I'll show how to handle its most confounding and entertaining findings, leaving you equipped to deploy it to maximum effect, and adapt and refine it to complement your testing. You can view the original paper at http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html This presentation will have plenty of fresh material, and won't assume you've memorized the paper.Back to Open CFP
We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to email@example.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: