Save 40% on Coursera Plus Annual

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The New Page of Injections Book - Memcached Injections

Black Hat via YouTube

Start learning Write review
Udacity Ad

Get 50% Off Udacity Nanodegrees — Code CC50

Learn More → Coursera Ad

Coursera Plus Annual Nearly 45% Off

Learn More →

Overview

Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore memcached injections in this 49-minute Black Hat conference talk by Ivan Novikov. Dive into the world of distributed memory caching systems and their vulnerabilities. Learn about input validation issues in memcached wrappers for popular web development platforms like Go, Ruby, Java, Python, PHP, Lua, and .NET. Discover how to perform "SQL Injection-like" attacks on memcached services, potentially leading to authentication bypass or arbitrary code execution. Examine the memcached protocol, command types, and various injection techniques. Understand the scope of the research, including command and argument injections, state breaking, and post-exploitation scenarios. Witness a real-world remote code execution demonstration and gain insights into securing big-data Internet projects that rely on memcached for performance optimization.

Syllabus

Intro
Memcached BIO
Shodan stats
Protocol overview
Commands types
How applications uses memcached
Memcached wrappers
Scope of research
Injection types
Command injection
State breaking
Who is vulnerable
Argument injection
Length breaking
Post exploitation
Application level
Deserialization
RCE demo

Taught by

Black Hat

Reviews

Start your review of The New Page of Injections Book - Memcached Injections

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.