Cyber Exploitation with SSRF & CMS Swiss Cheese – CF037



Cyber Frontiers is all about Exploring Cyber Security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective! Christian Johnson, a student at the University of Maryland, will bring fresh and relevant topics to the show based on the current work he does.

Please leave a REVIEW (iPhone or iPad) – https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewContentsUserReviews?id=857124890&type=Podcast&ls=1&mt=1

Support the Average Guy Tech Scholarship Fund: https://www.patreon.com/theaverageguy

WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at http://theAverageGuy.tv/subscribe

You can contact us via email at jim@theaverageguy.tv

Full show notes and video at http://theAverageGuy.tv/cf037


This week on Cyber Frontiers, Christian and Jim delve into new approaches in Server Side Request Forgery (SSRF), which has played an increasing role in vulnerability disclosure for common web applications such as WordPress. Before diving in, we review the BitDefender Box product, a consumer-based device to protect IoT devices and enable home security for the average guy. After wrapping up our review, we dive deep into SSRF and some of the new ways in which hackers have bypassed common protections, as featured in an upcoming talk at DEFCON 25. From the deep dive we explore some of the recent malicious activity taking place on the interwebs, targeting major CMS platforms and taking advantage of some of the earlier techniques we discuss. And as the internet continues to show its similarities to Swiss cheese, it relies on listeners like you to help stay savvy and keep your organizations and peers safe and secure.

 

SSRF: A New Injection Favorite of Hackers

https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/

https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Tsai

“We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF (Server Side Request Forgery) protections”

Speaking of which… DEFCON 25 talks are up!

https://www.defcon.org/html/defcon-25/dc-25-schedule.html

July 27th – July 30th

WordPress Black SEO Spam

https://blog.sucuri.net/2017/03/seo-spam-via-wp-rest-api-vulnerability.html

https://blog.sucuri.net/2016/08/cleaning-hijacked-google-seo-spam-results.html

BitDefender Box

https://www.bitdefender.com/box/

$129 for the box.

More funding for AI cybersecurity: Darktrace raises $75M at an $825M valuation

https://techcrunch.com/2017/07/11/more-funding-for-ai-cybersecurity-darktrace-raises-75m-at-an-825m-valuation/

 

 


Jim’s Twitter: http://twitter.com/#!/jcollison

Contact Christian: christian@theaverageguy.tv

Contact the show at jim@theaverageguy.tv

Find this and other great Podcasts from the Average Guy Network at http://theaverageguy.tv

Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at:
http://diehardcafe.bandcamp.com/
http://cokehabitgo.tumblr.com/tagged/my-music