The number of vulnerabilities in 2021 have dramatically increased so that the technical teams in charge of the patch management ﬁnd themselves drowning in a myriad of critical and urgent task
Citrix ICA is a complex multi-layered protocol which uses multiplexed frames, compression and encryption over a single TCP connection. Rather than creating a complete bespoke program to proxy and manipulate the traffic, CANAPE can be used to provide the networking, parsing and fuzzing infrastructure to significantly reduce development effort.
Michael Jordon is a Principal Consultant at Context Information Security and has 11 years experience within the IT security and software development industry. Michael developed the Context App Tool (CAT) which is a web application security tool for performing manual application assessments. He has presented at various conferences including InfoSec, OWASP and RuxCon. He has also released advisories in software products including Sophos, Citrix and Outlook web access and released a whitepaper on ‘Assessing Cloud Node Security’.
James is a principal consultant at Context Information Security Limited; a UK based security consultancy firm with a presence in Australia through our Melbourne office. He has been involved with computer hardware and software security for almost 10 years with a skill set which covers the bread and butter of the security industry such as application testing, through to more bespoke product assessment, vulnerability analysis and exploitation. He is also the developer of the CANAPE tool being presented at Black Hat.
He has presented at a number of conferences included Chaos Computer Congress and Ruxcon.
Written by: NJ Ouchn
"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"
Tools NJ Ouchn
The presentation will discuss the vulnerability XPATH Injection in depth and we will cover advanced exploitation techniques. We will talk about xpath 2.0 and how an attacker can not just ...