Inside Web Attacks: The Real Payloads

Presented at Black Hat Europe 2016, Nov. 4, 2016, 3:30 p.m. (30 minutes).

When serious vulnerabilities like ShellShock or ImageTragick are revealed, the announcement is often accompanied by PoC code. But what are the real payloads that attackers attempt to use when exploiting these vulnerabilities? Seeing the real payloads people use is often very difficult, but CloudFlare is in a unique position. By offering security services to over 4 million websites and detecting the exploitation of vulnerabilities like ShellShock or ImageTragick, we are able to see the actual payloads that attackers are using.


Presenters:

  • John Graham-Cumming - CTO, Cloudflare, Inc.
    John Graham-Cumming is Chief Technology Officer at the Internet performance and security company CloudFlare. John studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany and France. His open source POPFile program won a Jolt Productivity Award in 2004. He is the author of The Geek Atlas, a travel book for scientists published in 2009, and The GNU Make Book. He is best known for having successfully petitioned the UK government to apologize for its treatment of Alan Turing.
