SlideShare uma empresa Scribd logo

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

Transferir como PPTX, PDF
DefconRussia
DefconRussia

В Spring MVC есть классная фича — autobinding. Но если пользоваться ей неправильно, могут появиться «незаметные» уязвимости, иногда с серьёзным импактом. Рассмотрим пару примеров, углубимся в тонкости появления autobinding-багов. Writeup [ENG]: http://agrrrdog.blogspot.ru/2017/03/autobinding-vulns-and-spring-mvc.html

Internet
1 de 24
Spring MVC and Autobinding vulns Digital Security Alexey GreenDog Tyurin @antyurin
Spring MVC Defcon Russia (DCG #7812) 2
Model Defcon Russia (DCG #7812) 3 • Store info for the view • Map • “string”->object
Autobinding Defcon Russia (DCG #7812) 4 Binding params to object fields Converter
Autobinding vuln Defcon Russia (DCG #7812) 5 https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf
Autobinding vuln Defcon Russia (DCG #7812) 6 https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf
More magic with annotations Defcon Russia (DCG #7812) 7 @ModelAttribute on a method argument “An @ModelAttribute on a method argument indicates the argument should be retrieved from the model “… http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html
More magic with annotations Defcon Russia (DCG #7812) 8 @ModelAttribute on a method “An @ModelAttribute on a method indicates the purpose of that method is to add one or more model attributes. @ModelAttribute methods in a controller are invoked before @RequestMapping methods” http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc- ann-modelattrib-method-args
More magic with annotations Defcon Russia (DCG #7812) 9 @SessionAttribute for controller “The type-level @SessionAttributes annotation declares session attributes used by a specific handler. This will typically list the names of model attributes or types of model attributes which should be transparently stored in the session”
More magic with redirects Defcon Russia (DCG #7812) 10 FlashAttribute “Flash attributes provide a way for one request to store attributes intended for use in another.” http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html
More magic with annotations Defcon Russia (DCG #7812) 11 @ModelAttribute on a method argument “An @ModelAttribute on a method argument indicates the argument should be retrieved from the model. If not present in the model, the argument should be instantiated first and then added to the model. Once present in the model, the argument's fields should be populated from all request parameters that have matching names.” – is a wrong/dangerous way to get value from the model. Because: at first - retrieving , then autobinding.
Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 12
Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 13
Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 14
Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 15
Populating Defcon Russia (DCG #7812) 16 Befor in Model: “user” ={username = “Vasia” pass = “P@ssw0rd” weight= 100} Autobinding: After in Model: “user” ={ username = “lalallalala” pass = “P@ssw0rd” weight= 100 }
Example 1. Justice League Defcon Russia (DCG #7812) 17
Example 1. Justice League Defcon Russia (DCG #7812) 18
Example 1. Justice League Defcon Russia (DCG #7812) 19
Example 1. Justice League Defcon Russia (DCG #7812) 20 • More magic? No @ModelAttribute • Spring MVC is IoC and too smart?
Example 1. Justice League Defcon Russia (DCG #7812) 21
Other real examples? Defcon Russia (DCG #7812) 22 • Github • Articles • Nothing interesting?
Blackbox testing Defcon Russia (DCG #7812) 23 • Errors • Collect all parameter names Use them for all entry points Check difference • Strange names or arrays, hashmaps
Q&A Defcon Russia (DCG #7812) 24 https://twitter.com/antyurin https://github.com/grrrdog

Recomendados

nosymbols - defcon russia 20
nosymbols - defcon russia 20nosymbols - defcon russia 20
nosymbols - defcon russia 20DefconRussia
 
Weakpass - defcon russia 23
Weakpass - defcon russia 23Weakpass - defcon russia 23
Weakpass - defcon russia 23DefconRussia
 
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...DefconRussia
 
VHdl lab report
VHdl lab reportVHdl lab report
VHdl lab reportJinesh Kb
 
Eliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetEliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetOwaspCzech
 
Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...
Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...
Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...corehard_by
 
Madaari : Ordering For The Monkeys
Madaari : Ordering For The MonkeysMadaari : Ordering For The Monkeys
Madaari : Ordering For The MonkeysJ On The Beach
 
Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Alexandru-Florin Iosif-Lazăr
 

Recomendados

nosymbols - defcon russia 20
nosymbols - defcon russia 20nosymbols - defcon russia 20
nosymbols - defcon russia 20DefconRussia
 
Weakpass - defcon russia 23
Weakpass - defcon russia 23Weakpass - defcon russia 23
Weakpass - defcon russia 23DefconRussia
 
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...DefconRussia
 
VHdl lab report
VHdl lab reportVHdl lab report
VHdl lab reportJinesh Kb
 
Eliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetEliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetOwaspCzech
 
Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...
Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...
Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spri...corehard_by
 
Madaari : Ordering For The Monkeys
Madaari : Ordering For The MonkeysMadaari : Ordering For The Monkeys
Madaari : Ordering For The MonkeysJ On The Beach
 
Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Alexandru-Florin Iosif-Lazăr
 
Vhdl
VhdlVhdl
VhdlNeeraj Gupta
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
 
Digital system design practical file
Digital system design practical fileDigital system design practical file
Digital system design practical fileArchita Misra
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsAndrey Karpov
 
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense TechniqueDARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense TechniqueChong-Kuan Chen
 
CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019Olivera Milenkovic
 
Digital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECEDigital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECERamesh Naik Bhukya
 
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)Shinya Takamaeda-Y
 
Dsd lab Practical File
Dsd lab Practical FileDsd lab Practical File
Dsd lab Practical FileSoumya Behera
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemAndrey Karpov
 
Crange: Clang based tool to index and cross-reference C/C++ source code
Crange: Clang based tool to index and cross-reference C/C++ source code Crange: Clang based tool to index and cross-reference C/C++ source code
Crange: Clang based tool to index and cross-reference C/C++ source code Anurag Patel
 
Vhdl lab manual
Vhdl lab manualVhdl lab manual
Vhdl lab manualMukul Mohal
 
Programs of VHDL
Programs of VHDLPrograms of VHDL
Programs of VHDLRkrishna Mishra
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017Andrey Karpov
 
DevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford
DevDay: Managing Private Algorithms in SGX Enclaves, University of OxfordDevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford
DevDay: Managing Private Algorithms in SGX Enclaves, University of OxfordR3
 
03 vhdl
03 vhdl03 vhdl
03 vhdlpikkuo
 
GCC
GCCGCC
GCCKir Chou
 
Online Approximate OLAP in SparkSQL
Online Approximate OLAP in SparkSQLOnline Approximate OLAP in SparkSQL
Online Approximate OLAP in SparkSQLDataWorks Summit
 
PKCS11
PKCS11PKCS11
PKCS11Byeong Yeong Jeong
 
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...DefconRussia
 
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/LinuxDefconRussia
 

Mais conteúdo relacionado

Mais procurados

Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
 
Digital system design practical file
Digital system design practical fileDigital system design practical file
Digital system design practical fileArchita Misra
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsAndrey Karpov
 
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense TechniqueDARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense TechniqueChong-Kuan Chen
 
Digital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECEDigital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECERamesh Naik Bhukya
 
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)Shinya Takamaeda-Y
 
Dsd lab Practical File
Dsd lab Practical FileDsd lab Practical File
Dsd lab Practical FileSoumya Behera
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemAndrey Karpov
 
Crange: Clang based tool to index and cross-reference C/C++ source code
Crange: Clang based tool to index and cross-reference C/C++ source code Crange: Clang based tool to index and cross-reference C/C++ source code
Crange: Clang based tool to index and cross-reference C/C++ source code Anurag Patel
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017Andrey Karpov
 
DevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford
DevDay: Managing Private Algorithms in SGX Enclaves, University of OxfordDevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford
DevDay: Managing Private Algorithms in SGX Enclaves, University of OxfordR3
 
03 vhdl
03 vhdl03 vhdl
03 vhdlpikkuo
 
Online Approximate OLAP in SparkSQL
Online Approximate OLAP in SparkSQLOnline Approximate OLAP in SparkSQL
Online Approximate OLAP in SparkSQLDataWorks Summit
 

Mais procurados (20)

Vhdl
VhdlVhdl
Vhdl
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
 
Digital system design practical file
Digital system design practical fileDigital system design practical file
Digital system design practical file
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you develop
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
 
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense TechniqueDARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
 
CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019
 
Digital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECEDigital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECE
 
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)
Veriloggen.Stream: データフローからハードウェアを作る(2018年3月3日 高位合成友の会 第5回 @東京工業大学)
 
Dsd lab Practical File
Dsd lab Practical FileDsd lab Practical File
Dsd lab Practical File
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating system
 
Crange: Clang based tool to index and cross-reference C/C++ source code
Crange: Clang based tool to index and cross-reference C/C++ source code Crange: Clang based tool to index and cross-reference C/C++ source code
Crange: Clang based tool to index and cross-reference C/C++ source code
 
Vhdl lab manual
Vhdl lab manualVhdl lab manual
Vhdl lab manual
 
Programs of VHDL
Programs of VHDLPrograms of VHDL
Programs of VHDL
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
 
DevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford
DevDay: Managing Private Algorithms in SGX Enclaves, University of OxfordDevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford
DevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford
 
03 vhdl
03 vhdl03 vhdl
03 vhdl
 
GCC
GCCGCC
GCC
 
Online Approximate OLAP in SparkSQL
Online Approximate OLAP in SparkSQLOnline Approximate OLAP in SparkSQL
Online Approximate OLAP in SparkSQL
 
PKCS11
PKCS11PKCS11
PKCS11
 

Destaque

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...DefconRussia
 
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/LinuxDefconRussia
 
Георгий Зайцев - Reversing golang
Георгий Зайцев - Reversing golangГеоргий Зайцев - Reversing golang
Георгий Зайцев - Reversing golangDefconRussia
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC DefconRussia
 
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...DefconRussia
 
static - defcon russia 20
static - defcon russia 20static - defcon russia 20
static - defcon russia 20DefconRussia
 
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23DefconRussia
 
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей ТюринAttacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей ТюринDefconRussia
 
Nedospasov defcon russia 23
Nedospasov defcon russia 23Nedospasov defcon russia 23
Nedospasov defcon russia 23DefconRussia
 
Miasm defcon russia 23
Miasm defcon russia 23Miasm defcon russia 23
Miasm defcon russia 23DefconRussia
 
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...DefconRussia
 
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20DefconRussia
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20DefconRussia
 
HTTP HOST header attacks
HTTP HOST header attacksHTTP HOST header attacks
HTTP HOST header attacksDefconRussia
 
Managing Indicator Deprecation in ThreatConnect
Managing Indicator Deprecation in ThreatConnectManaging Indicator Deprecation in ThreatConnect
Managing Indicator Deprecation in ThreatConnectThreatConnect
 
Linux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityLinux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityThomas Graf
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellEnclaveSecurity
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000CTruncer
 
Volatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityVolatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityKelly Shortridge
 

Destaque (20)

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
 
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
 
Георгий Зайцев - Reversing golang
Георгий Зайцев - Reversing golangГеоргий Зайцев - Reversing golang
Георгий Зайцев - Reversing golang
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
 
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
 
static - defcon russia 20
static - defcon russia 20static - defcon russia 20
static - defcon russia 20
 
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
 
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей ТюринAttacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей Тюрин
 
Nedospasov defcon russia 23
Nedospasov defcon russia 23Nedospasov defcon russia 23
Nedospasov defcon russia 23
 
Miasm defcon russia 23
Miasm defcon russia 23Miasm defcon russia 23
Miasm defcon russia 23
 
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
 
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20
 
HTTP HOST header attacks
HTTP HOST header attacksHTTP HOST header attacks
HTTP HOST header attacks
 
Managing Indicator Deprecation in ThreatConnect
Managing Indicator Deprecation in ThreatConnectManaging Indicator Deprecation in ThreatConnect
Managing Indicator Deprecation in ThreatConnect
 
Linux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityLinux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network Security
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShell
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
 
Volatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityVolatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive Security
 

Semelhante a [Defcon Russia #29] Алексей Тюрин - Spring autobinding

Static Analysis in IDEA
Static Analysis in IDEAStatic Analysis in IDEA
Static Analysis in IDEAHamletDRC
 
Ygoltsev dcg 21_08_wifiineapple
Ygoltsev dcg 21_08_wifiineappleYgoltsev dcg 21_08_wifiineapple
Ygoltsev dcg 21_08_wifiineappleygoltsev
 
GraphQL-ify your API - JFall 2022
GraphQL-ify your API - JFall 2022GraphQL-ify your API - JFall 2022
GraphQL-ify your API - JFall 2022Soham Dasgupta
 
cs320_final_project_codemedicalApplication.classpathcs320_.docx
cs320_final_project_codemedicalApplication.classpathcs320_.docxcs320_final_project_codemedicalApplication.classpathcs320_.docx
cs320_final_project_codemedicalApplication.classpathcs320_.docxmydrynan
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]defconmoscow
 
GraphQL_devoxx_2023.pptx
GraphQL_devoxx_2023.pptxGraphQL_devoxx_2023.pptx
GraphQL_devoxx_2023.pptxSoham Dasgupta
 
Improving your Gradle builds
Improving your Gradle buildsImproving your Gradle builds
Improving your Gradle buildsPeter Ledbrook
 
Lessons Learnt from Running Thousands of On-demand Spark Applications
Lessons Learnt from Running Thousands of On-demand Spark ApplicationsLessons Learnt from Running Thousands of On-demand Spark Applications
Lessons Learnt from Running Thousands of On-demand Spark ApplicationsItai Yaffe
 
Using the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsUsing the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsSalesforce Developers
 
Droidcon Berlin Barcamp 2016
Droidcon Berlin Barcamp 2016Droidcon Berlin Barcamp 2016
Droidcon Berlin Barcamp 2016Przemek Jakubczyk
 
Cleaning your architecture with android architecture components
Cleaning your architecture with android architecture componentsCleaning your architecture with android architecture components
Cleaning your architecture with android architecture componentsDebora Gomez Bertoli
 
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019Matt Raible
 
GumGum: Multi-Region Cassandra in AWS
GumGum: Multi-Region Cassandra in AWSGumGum: Multi-Region Cassandra in AWS
GumGum: Multi-Region Cassandra in AWSDataStax Academy
 
Sql exception and class notfoundexception
Sql exception and class notfoundexceptionSql exception and class notfoundexception
Sql exception and class notfoundexceptionRohit Singh
 
Java Web Programming [5/9] : EL, JSTL and Custom Tags
Java Web Programming [5/9] : EL, JSTL and Custom TagsJava Web Programming [5/9] : EL, JSTL and Custom Tags
Java Web Programming [5/9] : EL, JSTL and Custom TagsIMC Institute
 

Semelhante a [Defcon Russia #29] Алексей Тюрин - Spring autobinding (20)

Static Analysis in IDEA
Static Analysis in IDEAStatic Analysis in IDEA
Static Analysis in IDEA
 
GraphQL-ify your APIs
GraphQL-ify your APIsGraphQL-ify your APIs
GraphQL-ify your APIs
 
Ygoltsev dcg 21_08_wifiineapple
Ygoltsev dcg 21_08_wifiineappleYgoltsev dcg 21_08_wifiineapple
Ygoltsev dcg 21_08_wifiineapple
 
GraphQL-ify your API - JFall 2022
GraphQL-ify your API - JFall 2022GraphQL-ify your API - JFall 2022
GraphQL-ify your API - JFall 2022
 
cs320_final_project_codemedicalApplication.classpathcs320_.docx
cs320_final_project_codemedicalApplication.classpathcs320_.docxcs320_final_project_codemedicalApplication.classpathcs320_.docx
cs320_final_project_codemedicalApplication.classpathcs320_.docx
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]
 
Basics of AngularJS
Basics of AngularJSBasics of AngularJS
Basics of AngularJS
 
GraphQL_devoxx_2023.pptx
GraphQL_devoxx_2023.pptxGraphQL_devoxx_2023.pptx
GraphQL_devoxx_2023.pptx
 
Improving your Gradle builds
Improving your Gradle buildsImproving your Gradle builds
Improving your Gradle builds
 
World of CSS Grid
World of CSS GridWorld of CSS Grid
World of CSS Grid
 
Spring Web MVC
Spring Web MVCSpring Web MVC
Spring Web MVC
 
React
ReactReact
React
 
Lessons Learnt from Running Thousands of On-demand Spark Applications
Lessons Learnt from Running Thousands of On-demand Spark ApplicationsLessons Learnt from Running Thousands of On-demand Spark Applications
Lessons Learnt from Running Thousands of On-demand Spark Applications
 
Using the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsUsing the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service Clients
 
Droidcon Berlin Barcamp 2016
Droidcon Berlin Barcamp 2016Droidcon Berlin Barcamp 2016
Droidcon Berlin Barcamp 2016
 
Cleaning your architecture with android architecture components
Cleaning your architecture with android architecture componentsCleaning your architecture with android architecture components
Cleaning your architecture with android architecture components
 
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019
 
GumGum: Multi-Region Cassandra in AWS
GumGum: Multi-Region Cassandra in AWSGumGum: Multi-Region Cassandra in AWS
GumGum: Multi-Region Cassandra in AWS
 
Sql exception and class notfoundexception
Sql exception and class notfoundexceptionSql exception and class notfoundexception
Sql exception and class notfoundexception
 
Java Web Programming [5/9] : EL, JSTL and Custom Tags
Java Web Programming [5/9] : EL, JSTL and Custom TagsJava Web Programming [5/9] : EL, JSTL and Custom Tags
Java Web Programming [5/9] : EL, JSTL and Custom Tags
 

Mais de DefconRussia

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхSergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхDefconRussia
 
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...DefconRussia
 
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...DefconRussia
 
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implementAlexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implementDefconRussia
 
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C DefconRussia
 
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-HashTyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-HashDefconRussia
 
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 ScaryRoman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 ScaryDefconRussia
 
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 PracticeRoman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 PracticeDefconRussia
 
Roman Korkikyan - Timing analysis workshop Part 1 Theory
Roman Korkikyan - Timing analysis workshop Part 1 TheoryRoman Korkikyan - Timing analysis workshop Part 1 Theory
Roman Korkikyan - Timing analysis workshop Part 1 TheoryDefconRussia
 
Peter Hlavaty - DBIFuzz
Peter Hlavaty - DBIFuzzPeter Hlavaty - DBIFuzz
Peter Hlavaty - DBIFuzzDefconRussia
 
Vadim Bardakov - AVR & MSP exploitation
Vadim Bardakov - AVR & MSP exploitationVadim Bardakov - AVR & MSP exploitation
Vadim Bardakov - AVR & MSP exploitationDefconRussia
 
Tomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNSTomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNSDefconRussia
 

Mais de DefconRussia (12)

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условияхSergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
 
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
 
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
 
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implementAlexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
 
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C
 
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-HashTyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
 
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 ScaryRoman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Scary
 
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 PracticeRoman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 Practice
 
Roman Korkikyan - Timing analysis workshop Part 1 Theory
Roman Korkikyan - Timing analysis workshop Part 1 TheoryRoman Korkikyan - Timing analysis workshop Part 1 Theory
Roman Korkikyan - Timing analysis workshop Part 1 Theory
 
Peter Hlavaty - DBIFuzz
Peter Hlavaty - DBIFuzzPeter Hlavaty - DBIFuzz
Peter Hlavaty - DBIFuzz
 
Vadim Bardakov - AVR & MSP exploitation
Vadim Bardakov - AVR & MSP exploitationVadim Bardakov - AVR & MSP exploitation
Vadim Bardakov - AVR & MSP exploitation
 
Tomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNSTomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNS
 

Último

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...sonatiwari757
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 

Último (20)

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

  • 1. Spring MVC and Autobinding vulns Digital Security Alexey GreenDog Tyurin @antyurin
  • 2. Spring MVC Defcon Russia (DCG #7812) 2
  • 3. Model Defcon Russia (DCG #7812) 3 • Store info for the view • Map • “string”->object
  • 4. Autobinding Defcon Russia (DCG #7812) 4 Binding params to object fields Converter
  • 5. Autobinding vuln Defcon Russia (DCG #7812) 5 https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf
  • 6. Autobinding vuln Defcon Russia (DCG #7812) 6 https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf
  • 7. More magic with annotations Defcon Russia (DCG #7812) 7 @ModelAttribute on a method argument “An @ModelAttribute on a method argument indicates the argument should be retrieved from the model “… http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html
  • 8. More magic with annotations Defcon Russia (DCG #7812) 8 @ModelAttribute on a method “An @ModelAttribute on a method indicates the purpose of that method is to add one or more model attributes. @ModelAttribute methods in a controller are invoked before @RequestMapping methods” http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc- ann-modelattrib-method-args
  • 9. More magic with annotations Defcon Russia (DCG #7812) 9 @SessionAttribute for controller “The type-level @SessionAttributes annotation declares session attributes used by a specific handler. This will typically list the names of model attributes or types of model attributes which should be transparently stored in the session”
  • 10. More magic with redirects Defcon Russia (DCG #7812) 10 FlashAttribute “Flash attributes provide a way for one request to store attributes intended for use in another.” http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html
  • 11. More magic with annotations Defcon Russia (DCG #7812) 11 @ModelAttribute on a method argument “An @ModelAttribute on a method argument indicates the argument should be retrieved from the model. If not present in the model, the argument should be instantiated first and then added to the model. Once present in the model, the argument's fields should be populated from all request parameters that have matching names.” – is a wrong/dangerous way to get value from the model. Because: at first - retrieving , then autobinding.
  • 12. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 12
  • 13. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 13
  • 14. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 14
  • 15. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 15
  • 16. Populating Defcon Russia (DCG #7812) 16 Befor in Model: “user” ={username = “Vasia” pass = “P@ssw0rd” weight= 100} Autobinding: After in Model: “user” ={ username = “lalallalala” pass = “P@ssw0rd” weight= 100 }
  • 17. Example 1. Justice League Defcon Russia (DCG #7812) 17
  • 18. Example 1. Justice League Defcon Russia (DCG #7812) 18
  • 19. Example 1. Justice League Defcon Russia (DCG #7812) 19
  • 20. Example 1. Justice League Defcon Russia (DCG #7812) 20 • More magic? No @ModelAttribute • Spring MVC is IoC and too smart?
  • 21. Example 1. Justice League Defcon Russia (DCG #7812) 21
  • 22. Other real examples? Defcon Russia (DCG #7812) 22 • Github • Articles • Nothing interesting?
  • 23. Blackbox testing Defcon Russia (DCG #7812) 23 • Errors • Collect all parameter names Use them for all entry points Check difference • Strange names or arrays, hashmaps
  • 24. Q&A Defcon Russia (DCG #7812) 24 https://twitter.com/antyurin https://github.com/grrrdog