OWASP Czech Republic
@DartheIncarnate & @abh4t: A corporate how not to [_] - The tales of false sense of security
Views: 22

Videos

Marek Jílek: Hey ADCS, gimme DA!
Views 35, 28 days ago
This talk covers the basics of Active Directory Certificate Services (ADCS), its importance in authentication, and why it is targeted by attackers. It highlights key vulnerabilities, such as template misconfigurations and permission abuse, and their potential impact on security. Marek Jílek is an ethical hacker specializing in comprehensive cyber resilience testing for companies. He works as ...
Adéla Haníková: To use or not to use JWT
Views 22, 28 days ago
JSON Web Tokens (JWT) are a popular choice for modern web applications, offering a compact and self-contained way to transmit claims between parties. However, their use comes with challenges that can impact security and usability. These challenges stem from the design of JWT, which does not completely align with classical session handling. In this talk, we will focus on these issues and discuss...
Zakhar Fedotkin: They are dangerous… so better hack this
Views 58, a year ago
Hard-coded credentials typically create a significant hole that allows an attacker to bypass the authentication that has been configured by the software administrator. In this talk we will discuss HTTP cookie signing algorithms and how they can be exploited to gain unauthorised access to the application and, in the worst-case scenario, remote code execution. Fedotkin Zakhar (d4d) is a softwa...
Michal Špaček: Trusted Types and DOM XSS
Views 37, a year ago
Let's talk about XSS (yeah, still), and particularly the DOM-based XSS type. This one happens in your browser and in your browser only, and luckily, browsers also offer something to put a stop to it: Trusted Types. I'll explain how it works and what to expect when hunting for bugs, and why Trusted Types are a Good Thing™️, unlike previous browser-based defenses like the XSS Auditor. We'll also talk...