- Technology
- Cybersecurity
- Information Security (InfoSec)
- Ethical Hacking
- Server-Side Request Forgery (SSRF)
- Technology
- Cybersecurity
- Information Security (InfoSec)
- Ethical Hacking
- XML External Entity (XXE) Injection
- Technology
- Cybersecurity
- Information Security (InfoSec)
- Ethical Hacking
- Server-Side Template Injection (SSTI)
Project Dusseldorf: Finding Out-Of-Band Vulnerabilities At Cloud Scale
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Power BI Fundamentals - Create visualizations and dashboards from scratch
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore Project Dusseldorf, a versatile out-of-band application security platform, in this 39-minute conference talk from Nullcon Goa 2025. Learn how this internal Microsoft tool helps red teams and application security teams detect vulnerabilities like SSRF, XXE, SSTI, XSS, and even generic RCEs. Discover how the platform catches and analyzes network requests while using a built-in rule engine to craft automated responses with predefined payloads. The speaker announces the open-sourcing of this tool and demonstrates how to leverage it for finding vulnerabilities in your targets at cloud scale.
Syllabus
Nullcon Goa 2025: Project Dusseldorf: Finding Out-Of-Band Vulnerabilities At Cloud Scale - Michael
Taught by
nullcon