Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Web Cache Exploitation: Advanced Techniques for Static Path Deception and Cache Key Confusion

DEFCONConference via YouTube

Start learning Write review
Datacamp Ad

PowerBI Data Analyst - Create visualizations and dashboards from scratch

Learn More → Coursera Ad

All Coursera Certificates 40% Off

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore groundbreaking web cache exploitation techniques in this 44-minute conference talk from DEF CON 32. Dive deep into two powerful new methods that leverage RFC ambiguities to circumvent traditional web cache deception and poisoning attack limitations. Learn about Static Path Deception through a detailed case study demonstrating how to compromise application confidentiality in Nginx-Cloudflare environments. Master Cache Key Confusion and its application in exploiting URL parsing inconsistencies across major platforms like Microsoft Azure Cloud, enabling arbitrary cache poisoning and denial of service attacks. Watch a live demonstration combining Cache Key Confusion with an open redirect vulnerability to achieve complete site takeover through arbitrary JavaScript code execution. Walk away with innovative exploitation techniques and a comprehensive methodology for identifying and exploiting URL and HTTP parsing discrepancies.

Syllabus

DEF CON 32 - Gotta Cache ‘em all bending the rules of web cache exploitation - Martin Doyhenard

Taught by

DEFCONConference

Reviews

Start your review of Web Cache Exploitation: Advanced Techniques for Static Path Deception and Cache Key Confusion

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.