SEC642: Killing snakes for fun, Flask SSTIs and RCEs in Python

Monday, 13 Jan 2020 1:00PM EST (13 Jan 2020 18:00 UTC)
Speaker: Moses Frost

Here is a word: Reflection. How many times have you read the words SSTI or even CSTI and wondered what they actually did, how they worked, or how to execute one? How can you take a file reading vulnerability like SSTI into a Remote Code Execution exploit? In this talk we will give you a glance into the SEC642 topic on Server Side Template Injection in Flask and taking that one concept a few steps further by introducing Python Method Reflection to execute code, and even backdoors. Join Moses Frost as he discusses this and other topics that are found in SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques.

Login to Register

Related Content

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024

Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming

November 16, 2023

A Visual Summary of SANS HackFest Summit

Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023

Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming

October 4, 2023

SEC670 Prep Quiz Answers

Answers for the SEC670 Prep Quiz. For more details about the course and the quiz, please clickthrough to see the quiz article.

Jonathan Reiter