I recently had the opportunity to give a talk for Phreaks 2600 on Server-Side Attacks. During this session, we explored various types of server-side attacks, discussing their implications and how to mitigate them effectively.
Overview
In this talk, we covered:
- Common Server-Side Vulnerabilities: Understanding the weaknesses that can be exploited.
- Attack Techniques: A deep dive into various attack methods, including:
  - Server-Side Request Forgery (SSRF)
  - Server-Side Template Injection (SSTI)
  - XML External Entity (XXE)
  - Server-Side Includes (SSI)
The goal was to equip attendees with the knowledge to recognize and defend against these attacks in real-world scenarios.
You can view the complete presentation below:
Challenges
As part of the talk, I have made available several challenges that attendees can work on to practice their skills. You can download the challenge files here:
- SSRF
- SSTI
- XSLT
Feel free to reach out if you have any questions or need further clarification on the topics discussed!
Felix Billieres
Junior Pentester | Web Security Enthusiast 🌐 | AD Researcher 🖥️ | Tool Developer 🔧
École 2600 🎓 & Phreaks2600