Overview
Explore a comprehensive technical analysis of the ToolShell SharePoint vulnerability chain (CVE-2025-49704 and CVE-2025-49706) in this 47-minute conference talk from NDC Manchester. Dive deep into the complete incident timeline, starting from the ZDI Pwn2Own contest discovery in May 2025 through Microsoft's initial patch in July, the subsequent bypass exploitation by threat actors, and the emergency weekend patch that followed. Examine the vulnerable code paths and authentication bypass mechanisms that enabled remote code execution on SharePoint servers, while understanding why Microsoft's first patch proved ineffective. Trace the vulnerability's origins through historical SharePoint versions dating back to 2010 to understand its evolution. Watch live demonstrations showing how AI tools can assist in patch diffing and dynamic analysis to identify exploit code, and discover whether artificial intelligence could have detected the bypass when analyzing code changes alongside public research data. Learn about the official workarounds Microsoft recommended, how attackers could circumvent these protections in ASP.NET and IIS environments, and gain practical strategies for building more resilient mitigations against similar future attacks. Master the techniques for crafting detection signatures based on attack behavior patterns and understand how to leverage AI assistance for exploit detection and patch analysis in enterprise security contexts.
Syllabus
ToolShell, Patch Bypass, and the AI That Might Have Seen It Coming - Pedram Hayati & Soroush Dalili
Taught by
NDC Conferences