PLEASE JOIN US FOR THE NEXT INSTALLMENT IN THE BLACK HAT WEBCAST SERIES

HTTP Request Smuggling in 2020

Thursday, October 29, 2020

11:00AM - 12:00PM PDT // 60 MINUTES, INCLUDING Q&A

	Sponsored By:

HTTP Request Smuggling is an attack technique invented in 2005, that exploits different interpretations of a stream of non-standard HTTP requests among various HTTP devices between the client (attacker) and the server (including the server itself). It can be used to smuggle requests across WAFs and security solutions, poison HTTP caches, inject responses to users and hijack user requests.

In the first part of this talk, Amit will present new HTTP Request Smuggling attack variants that work against present-day web servers and HTTP proxy servers. He’ll also present an attack which circumvents the HTTP Request Smuggling protection in a free, open source WAF.

In the second part of this talk, Amit will describe his C++ "Request Smuggling Firewall" class library that can be injected to any user-space process (web server or proxy server) to provide robust socket-level protection against HTTP Request Smuggling.

Finally, he’ll conclude with some anomalies he found in various web servers and proxy servers, showing there is a lot of potential for additional research in this area.”

Webcast Presenters

Amit Klein

Amit Klein is a world-renowned information security expert, with 29 years in information security and over 30 published technical and academic papers on this topic. Amit is the VP Security Research at SafeBreach, responsible for researching various infiltration, exfiltration, and lateral movement attacks. Before SafeBreach, Amit was the CTO for Trusteer (acquired by IBM) for 8.5 years. Prior to Trusteer, Amit was Chief Scientist for Cyota (acquired by RSA) for 2 years, and prior to that, Director of Security and Research for Sanctum (acquired by Watchfire, now part of IBM security division) for 7 years.

Sponsor Presenter: Jesse Munos

JesseMunos Technical Marketing Manager for Extrahop where he provides competitive analysis and technical content to his marketing focused peers.Jessestarted his career in 2014 as an escalations engineer with Cisco Systems where he focused on EDR and Malware Sandboxing technologies and API integrations. During that time he also presented at Cisco Live providing deep dive technical breakdowns and executive level briefings on Ciscos security portfolio. He focuses on pushing best of breed technology solutions that meet current customer needs while guiding product development to embracethe broader ecosystem integrations. On his own time he is an avid fiction reader with a penchant for military sciencefiction and fantasy, which melds well with his taste for scotch and wheat beer. If you catch him on the street feel free to bribe him with good conversation and hearty libation.

Upcoming Black Hat Events

BLACK HAT TRAININGS @ SECTOR

October 17-20, 2020 | Virtual Event

BLACK HAT EUROPE

December 7-10, 2020 | Virtual Event

Black Hat c/o Informa Tech

Informa Tech Holdings LLC registered in England & Wales with number 8860726,
registered office and head office 5 Howick Place, London, SW1P 1WG, UK.

This email was sent to newsletter@newslettercollector.com.