[Blackhat Talk] Bypass Surgery Abusing Content Delivery Networks With Server-Side Request Forgery (SSRF), Flash, and DNS

For archival purposes I’m posting this talk that me and Mike Brooks (a.k.a. Rook) did at Blackhat USA 2015. While we danced around the vendor in the talk description, we can now disclose that that vendor was indeed Akamai – see their blog post about the issue here. Luckily Akamai was super helpful throughout the whole…

sonar.js – A Framework for Scanning and Exploiting Internal Hosts With a Webpage

Recently WebRTC has been in the news as a way to scan internal networks using a regular webpage. We’ve seen some interesting uses of this functionality such as The New York Times scanning your internal network to detect bots. The idea of a random webpage on the internet being able to scan your internal network for live…