Hack the patch: and attack websites at large scale

Let me take you on a journey as close to a zero-day exploit as you can come without being the actual finder of the vulnerability yourself. Let's take a closer look at a critical, real-world attack from this year affecting around 25 000 sites. From a completely unauthenticated (anyone in the world) state, bad actors get admin access to your website and your neighbour's website, and turn your servers into their bitcoin miners with RCE (Remote Code Execution). We do some serious, yet simple and easy to understand, hacking live on stage. I walk you through the steps involved in this attack and we try it out on a website of our own. Your expensive firewall, premium hosting or strong password policy is not going to help against these attacks :/ So let's talk security, hacking, countermeasures that work and, you guessed it, disaster recovery!

Presented at Security Fest 2024.

Speaker: Emil Trägårdh

About Emil Trägårdh

Emil Trägårdh is a Swedish hacker, entrepreneur and Blueteamer. At the age of 14 he created his first botnet and in high school he hacked a small city. At the age of 20 he founded a web dev agency and four years later he did his first large scale government contract with the Swedish authorities. In between, he traveled the world with his family for a year and he no longer works like regular people. Instead he devotes most of his time to security because it's fun!

