I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit

Автор: Black Hat

Загружено: 2022-11-28

Просмотров: 6298

Описание: To begin with, I will cover the foundational use-case for IAM solutions and some past in the wild attacks (ITW) attacks with the extent of their impact. Continuing, I will present the approach I took with the audit including the challenges and pitfalls that I was faced with and how I overcame them. The result concluding with an unauthenticated remote code execution as root by chaining multiple vulnerabilities on a very popular IAM solution used by several Fortune 500 companies and government organizations.

Presented by Steven Seeley
Full Abstract & Presentation Materials: https://www.blackhat.com/us-22/briefi...

Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...

I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit

Доступные форматы для скачивания:

Скачать видео

Информация по загрузке:

Скачать аудио

Похожие видео

Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks

Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks

Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone

Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone

Kubernetes Privilege Escalation: Container Escape == Cluster Admin?

Kubernetes Privilege Escalation: Container Escape == Cluster Admin?

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

AI-Powered Threat Hunting Using Garuda Framework

AI-Powered Threat Hunting Using Garuda Framework

Mobile Network Hacking, IP Edition

Mobile Network Hacking, IP Edition

Breaking the Chrome Sandbox with Mojo

Breaking the Chrome Sandbox with Mojo

Conversation with Elon Musk | World Economic Forum Annual Meeting 2026

Conversation with Elon Musk | World Economic Forum Annual Meeting 2026

Когда газовая промышленность потерпела крах, мы выживали на солевых газах.

Когда газовая промышленность потерпела крах, мы выживали на солевых газах.

Этот «блинчатый» двигатель может сделать электромобили невероятно быстрыми (Mercedes его купил).

Этот «блинчатый» двигатель может сделать электромобили невероятно быстрыми (Mercedes его купил).

Ghidra - Journey from Classified NSA Tool to Open Source

Ghidra - Journey from Classified NSA Tool to Open Source

Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications

Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications

Hołownia zdiagnozowany

Hołownia zdiagnozowany

Leveraging the Apple ESF for Behavioral Detections

Leveraging the Apple ESF for Behavioral Detections

SpaceX Dragon Just Achieved Something Even NASA's Best Spacecrafts Couldn't.

SpaceX Dragon Just Achieved Something Even NASA's Best Spacecrafts Couldn't.

DEF CON 29 - Cedric Owens - Gone Apple Pickin: Red Teaming MacOS Environments in 2021

DEF CON 29 - Cedric Owens - Gone Apple Pickin: Red Teaming MacOS Environments in 2021

China’s Next AI Shock Is Hardware

China’s Next AI Shock Is Hardware

The Enemy Within: Modern Supply Chain Attacks

The Enemy Within: Modern Supply Chain Attacks

Elevating Kerberos to the Next Level

Elevating Kerberos to the Next Level

The Top Secret Manufacturing of Optimus: Inside Tesla’s Robot Factory (Full Process)

The Top Secret Manufacturing of Optimus: Inside Tesla’s Robot Factory (Full Process)