Overview
This course focuses on Response Smuggling, a lesser-known attack vector in HTTP Smuggling. Learning outcomes include understanding a new Desync variant, injecting messages at the backend server, and using Response Scripting to create custom malicious outbound messages. Skills taught include exploiting HTTP connections, manipulating connection headers, and hijacking user sessions. The material is delivered through presentations, demos, and examples from real systems. The intended audience is security professionals, researchers, and anyone interested in web security and reverse engineering.
Syllabus
Introduction
Agenda
What is Response Smuggling
Connection Headers
Exploits
Request Smuggling
Desynchronization
Synchronization Attack
Synchronization Attack Example
Demo
Cache Control Demo
In Real Systems
Video Demo
New Response
Conclusions
Questions
Taught by
Hack In The Box Security Conference