What to expect 🔔
Since 2010, Nullcon has been running an annual security conference in Goa. To give some experience to their international community, Nullcon is now launching the first ever edition of Nullcon in Berlin, which will take place on April 8-9!
The purpose of the conference is to bring the community together to share exceptional insights on offensive and defensive security. It will gather security researchers around keynotes, technical talks and workshops – see the full agenda here.
YesWeHack is thrilled to support the first edition of Nullcon Berlin Conference & Training! #SharingisCaring
Template injection on hardened targets
During his Black Hat 2015 presentation, James Kettle explained how template injections could lead to code execution. At the end of the talk, he recommended running application in containers with limited privileges and read-only file system. Six years later, containers are now the standard of web-app deployment and getting code execution inside a well isolated container can be seen as low impact.
In this workshop we will explore new template injection techniques specially crafted for hardened environment.
We will focus on two environments:
- Python with Flask / Jinja2
We will build our own tooling in Python to solve a series of challenges with increasing difficulty.
Required for the workshop:
- Basic Docker skill
Date(s): 08/04/2022 - 09/04/2022 | All Day
Location(s): Hotel NH Berlin Alexanderplatz | Landsberger Allee 26 | Berlin | Germany