Nullcon Berlin 2022

Categories
2022 Bug Bounty conferences
What to expect 🔔

Since 2010, Nullcon has been running an annual security conference in Goa. To give some experience to their international community, Nullcon is now launching the first ever edition of Nullcon in Berlin, which will take place on April 8-9!

The purpose of the conference is to bring the community together to share exceptional insights on offensive and defensive security. It will gather security researchers around keynotes, technical talks and workshops – see the full agenda here.

YesWeHack is thrilled to support the first edition of Nullcon Berlin Conference & Training! #SharingisCaring

You’ll be able to find our team onsite – Phil Leatham, Senior Account Executive, and BitK, our Tech Ambassador. And don’t miss BitK’s workshop on April 9, 2pm – 3:30pm CET on the following topic:

Template injection on hardened targets

During his Black Hat 2015 presentation, James Kettle explained how template injections could lead to code execution. At the end of the talk, he recommended running application in containers with limited privileges and read-only file system. Six years later, containers are now the standard of web-app deployment and getting code execution inside a well isolated container can be seen as low impact.

In this workshop we will explore new template injection techniques specially crafted for hardened environment.

 

We will focus on two environments:

  • Python with Flask / Jinja2
  • JavaScript with Express / Vue

 

We will build our own tooling in Python to solve a series of challenges with increasing difficulty.

Required for the workshop:

  • Experience in Python/JavaScript
  • Basic Docker skill

Date(s): 08/04/2022 - 09/04/2022 | All Day

Location(s): Hotel NH Berlin Alexanderplatz | Landsberger Allee 26 | Berlin | Germany