Advanced Server-Side Template Exploitation with RCE Everywhere - 2024
Ekoparty Security Conference via YouTube
PowerBI Data Analyst - Create visualizations and dashboards from scratch
Get 20% off all career paths from fullstack to AI
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore novel techniques for exploiting server-side template injections (SSTIs) in this 32-minute conference talk from Ekoparty Security Conference 2024. Discover complex and unique payload development methods that leverage default template engine functionality without requiring quotation marks or additional plugins. Learn the detailed process behind payload discovery and understand how to achieve Remote Code Execution (RCE) while working within strict template limitations. Gain insights into advanced exploitation techniques as demonstrated by security researcher Alex Brumen, who breaks down the methodology for identifying and executing these sophisticated template injection attacks.
Syllabus
Advanced server-side template exploitation with RCE everywhere -Alex Brumen - Ekoparty 2024
Taught by
Ekoparty Security Conference