
Register now for free Black Hat Webcast, October 29 at 11am
 
PLEASE JOIN US FOR THE NEXT INSTALLMENT IN THE BLACK HAT WEBCAST SERIES
HTTP Request Smuggling in 2020
Thursday, October 29, 2020
11:00AM - 12:00PM PDT  //  60 MINUTES, INCLUDING Q&A
Sponsored By: ExtraHop Networks
 
HTTP Request Smuggling is an attack technique, invented in 2005, that exploits different interpretations of a stream of non-standard HTTP requests among the various HTTP devices between the client (attacker) and the server (including the server itself). It can be used to smuggle requests across WAFs and security solutions, poison HTTP caches, inject responses to users and hijack user requests.

In the first part of this talk, Amit will present new HTTP Request Smuggling attack variants that work against present-day web servers and HTTP proxy servers. He’ll also present an attack which circumvents the HTTP Request Smuggling protection in a free, open source WAF.

In the second part of this talk, Amit will describe his C++ "Request Smuggling Firewall" class library that can be injected into any user-space process (web server or proxy server) to provide robust socket-level protection against HTTP Request Smuggling.

Finally, he’ll conclude with some anomalies he found in various web servers and proxy servers, showing there is a lot of potential for additional research in this area.
 
Webcast Presenters
Amit Klein
Amit Klein is a world-renowned information security expert, with 29 years in information security and over 30 published technical and academic papers on this topic. Amit is the VP Security Research at SafeBreach, responsible for researching various infiltration, exfiltration, and lateral movement attacks. Before SafeBreach, Amit was the CTO for Trusteer (acquired by IBM) for 8.5 years. Prior to Trusteer, Amit was Chief Scientist for Cyota (acquired by RSA) for 2 years, and prior to that, Director of Security and Research for Sanctum (acquired by Watchfire, now part of IBM security division) for 7 years.
Sponsor Presenter: Jesse Munos
Jesse Munos is a Technical Marketing Manager for ExtraHop, where he provides competitive analysis and technical content to his marketing-focused peers. Jesse started his career in 2014 as an escalations engineer with Cisco Systems, where he focused on EDR and Malware Sandboxing technologies and API integrations. During that time he also presented at Cisco Live, providing deep-dive technical breakdowns and executive-level briefings on Cisco's security portfolio. He focuses on pushing best-of-breed technology solutions that meet current customer needs while guiding product development to embrace the broader ecosystem integrations. On his own time he is an avid fiction reader with a penchant for military science fiction and fantasy, which melds well with his taste for scotch and wheat beer. If you catch him on the street, feel free to bribe him with good conversation and hearty libation.
 
