This course aims to teach learners about the security implications of Memcached injections. The primary goal is to identify input validation issues in key-value data that could lead to injecting arbitrary commands into the Memcached protocol. By exploring various Memcached wrappers for popular web development platforms, participants will learn about different injection types, state breaking, post-exploitation scenarios, and even witness a remote code execution (RCE) demonstration. The intended audience for this course includes security professionals, web developers, and individuals interested in understanding and mitigating security risks associated with Memcached implementations.
The New Page of Injections Book - Memcached Injections
Overview
Syllabus
Intro
Memcached BIO
Shodan stats
Protocol overview
Commands types
How applications uses memcached
Memcached wrappers
Scope of research
Injection types
Command injection
State breaking
Who is vulnerable
Argument injection
Length breaking
Post exploitation
Application level
Deserialization
RCE demo
Taught by
Black Hat
