06. x33fcon 2018 - Death by a Thousand Struts: A Defenders Tale by sixdub
Apache Struts, a once little known web application framework, is now common knowledge to enterprise attackers and defenders due to its extensive exploitation by attackers over the past two years. Attackers have leveraged three critical vulnerabilities to successfully exploit Apache Struts indiscriminately. This formed the basis of industry-wide attacks for profit as well as targeted attacks against prominent organizations. Many organizations believed that the existence of public signatures would offer detection and prevention of this activity but were disappointed.
This talk provides a detailed look at Apache Struts, the vulnerabilities and the exploit techniques leveraged by attackers to exploit systems in the wild. The talk then examines various public signatures built exclusively to detect Apache Struts exploits and explore the strengths/weaknesses discovered from validating these signatures during live engagements. The post mortem analysis is used to discuss robust detection authorship and end with a walkthrough of how one can author more robust capabilities to detect Apache Struts exploitation.
----
The idea behind x33fcon (pronounced /'zi:f-kɒn/) is to focus on a very specific need of the security industry: collaboration between blue and red teams (sometimes referred to as purple teaming) It is an event that brings both groups together, and everyone from both sides of the fence are invited to gather, share ideas and discuss thoughts on security.
Watch video 06. x33fcon 2018 - Death by a Thousand Struts: A Defenders Tale by sixdub online without registration, duration hours minute second in high quality. This video was added by user x33fcon 13 June 2018, don't forget to share it with your friends and acquaintances, it has been viewed on our site 53 once and liked it 1 people.