Never Break the Chain: Attack Chaining for 0-Days

Presented at CactusCon 12 (2024), Feb. 16, 2024, 4 p.m. (60 minutes).

Discuss trending vulnerabilities related to real-world business logic, and how defenders can avoid them by thinking like an attacker. Topics include advanced security issues such as supply chain attacks, third-party vulnerabilities, dependency confusion, attack chaining, broken access control, command injection, and more.

Presenters:

  • Erica - Tyler Technologies
    Erica was a software engineer and cybersecurity hobbyist for several years before becoming an application security red-teamer in 2018. Since then, she has been earning bug bounties, blogging new CVEs and original exploit techniques, training penetration testers and conducting R&D projects as a cybersecurity technical lead. Erica organizes 2600, a local offensive cybersecurity meetup, and has spoken about hacking, bot writing, and various hacking topics at many conferences and meetups, including DC207, IC2, Tyler Connect, as well as SkyTalks and DEFCON, the world's largest hacker conference. She has also volunteered at Red Team Village at DEFCON in Vegas. Erica holds a Bachelor of Science in Computer Science from the University of Southern Maine.
