Lost in Translation - Exploiting Unicode Normalization
The Fastest Way to Become a Backend Developer Online
Start speaking a new language. It’s just 3 weeks away.
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore how Unicode normalization vulnerabilities can be weaponized to bypass security controls in this 34-minute Black Hat conference talk. Discover how data transformation processes like Unicode normalization, encoding, and translation create attack vectors that allow threat actors to evade Web Application Firewalls (WAFs), input filters, and backend logic. Learn about critical security flaws including visual confusables, best-fit mappings, truncation overflows, case-mappings, and entity decodings that enable Remote Code Execution (RCE), Cross-Site Scripting (XSS), Server-Side Template Injection (SSTI), Open Redirects, and HTTP Response Splitting attacks. Examine real-world attack data from Akamai's research team through live exploitation demonstrations and gain insights into high-impact vulnerabilities such as CVE-2024-4577 (PHP-CGI Argument Injection). Master cutting-edge Unicode fuzzing techniques and discover practical security tools including Shazzer, recollapse, and enhanced Burp Activescan++ capabilities for detecting Unicode-based vulnerabilities. Develop comprehensive understanding of Unicode security pitfalls and acquire hands-on methodologies for identifying and mitigating these sophisticated attack vectors in modern web applications.
Syllabus
Lost in Translation: Exploiting Unicode Normalization
Taught by
Black Hat