SlideShare a Scribd company logo

DEF CON 27 - JOSHUA MADDUX - api induced ssrf

Felipe Prado
Felipe Prado

DEF CON 27 - JOSHUA MADDUX - api induced ssrf

Technology
1 of 63
API-Induced SSRF How Apple Pay Scattered Vulnerabilities Across the Web
About me ● Math degree ● Web developer, ~5 years ● Bounties ● At PKC ~1 year, web dev and code audits for clients - pkc.io Intro
Overview ● Definitions ● Demo some mistakes ○ Apple Pay ○ Twilio ○ Others ● How not to be like Apple Intro
Diagram of Inductive Weaknesses Weak Code (e.g. Heartbleed) Vulnerable Deployment Vulnerable Deployment ... Typical Class Breaks See Schneier’s blog post
Diagram of Inductive Weaknesses ??? Weak Code Weak Code Vulnerable Deployment Vulnerable Deployment ... ...
Diagram of Inductive Weaknesses Inductive Weakness Weak Code Weak Code Vulnerable Deployment Vulnerable Deployment ... ...
Inductive weakness: A design flaw that encourages multiple parties to write vulnerable code with a similar exploit pattern across differing software stacks. Definitions Image
SSRF Refresher
Definitions: SSRF 169.254.169.254 Payload with http://169.254.169.254/foo
Definitions: SSRF GET /foo 169.254.169.254 Payload with http://169.254.169.254/foo
Definitions: SSRF GET /foo sensitive data sensitive data 169.254.169.254 Payload with http://169.254.169.254/foo
Definitions: SSRF If you can relay requests through a GCP or AWS box...
Easy things to do with SSRF ● AWS, GCP have a gooey center ○ People have already criticized AWS/GCP for this ● file:/// urls ● Reflected XSS ○ Technically not SSRF Definitions: SSRF
SSRF: Hard mode ● Cross-protocol stuff ○ SMTP through gopher:// URLs ○ HTTP->memcached->RCE ■ See A New Era of SSRF ○ ??? Definitions: SSRF
Apple Pay Web Inductive SSRF
Apple Pay: 3 forms Apple Pay In-store In-app Web
these are unaffected Apple Pay In-store In-app Web criticising this
The intended flow ● Safari generates a validationURL (https://apple-pay-gateway-*.apple.com) Apple Pay
The intended flow ● Safari generates a validationURL (https://apple-pay-gateway-*.apple.com) ● Your JS sends validationURL to your backend Apple Pay
The intended flow ● Safari generates a validationURL (https://apple-pay-gateway-*.apple.com) ● Your JS sends validationURL to your backend ● Your backend grabs a session from validationURL and forwards it to the client Apple Pay
Apple Pay session session apple-pay-gateway.apple.com validationURL https://apple-pay-gateway.apple.com /paymentservices/paymentSession merchant
Apple Pay GET /foo sensitive data sensitive data 169.254.169.254 validationURL https://169.254.169.254/foo
Demos
appr-wrapper ● Under GoogleChromeLabs on github ● Written, deployed by an @google.com account ● A sort of polyfill between Apple Pay and the PaymentRequest API ● A test deployment, so low severity target Apple Pay
webkit.org ● Maintained by Apple ● Another demo, but on a higher-severity target Apple Pay
Apple Pay Diagram of Apple Pay, like the SSRF one Apple’s response Just added this
Disclosure timeline ● Feb 11, Initial email to Apple ● March 26, Apple updated docs ● May 14, Apple concluded investigation. I replied with follow-up questions. ● … Then Apple ghosted for 2 months :( Apple Pay
Apple Pay Diagram of Apple Pay, like the SSRF one One mitigation...
Apple Pay Diagram of Apple Pay, like the SSRF one General mitigations Apple Pay ● Check validationURL against Apple’s list ● Stripe and Braintree handle this flow, so you’re safe if you use them
Apple Pay Diagram of Apple Pay, like the SSRF one General mitigations SSRF in general ● Whitelist egress traffic ● Protect your metadata like Netflix: Detecting Credential Compromise in AWS ● Be mindful of local, unauthenticated stuff on servers
Apple Pay Diagram of Apple Pay, like the SSRF one Ineffective mitigations Do not: ● Use a regex to validate the domain ○ Sometimes people try a regex like https?://.*.apple.com/.* ○ But that matches: http://localhost/?.apple.com/... ● Rely on HTTPS to prevent cross-protocol attacks ○ See slide 16 of A New Era of SSRF
Webhooks
Previous webhook exploits Webhooks Payload would go here ● http://169.254.169.254 ● gopher://localhost:11211/...
Diagram of Inductive Weaknesses Webhook sender Listener Listener ... Most attack this I’m after these
How Twilio Authenticates Webhooks Webhooks ● HMAC and hope the listener checks it ● Lots of webhooks do this, Twilio’s not unique
The problem Webhooks ● Who failed to check the HMAC? ○ 23 out of 31 open-source projects
The problem Webhooks ● Who failed to check the HMAC? ○ 23 out of 31 open-source projects ○ Most of Twilio’s example code
The problem Webhooks ● Who failed to check the HMAC? ○ 23 out of 31 open-source projects ○ Most of Twilio’s example code ● Contributing factors ○ Bad documentation ○ The easiest receiver implementation is a vulnerability
Demo: Webhooks
Twilio Example Code ● Examples themselves not deployed publicly ● But, did find vulns where it was copied/pasted Apple Pay
Disclosure timeline ● Feb 17, Initial email to Twilio ● March 6, Twilio updated some of the docs ● Rejected all architectural changes due to “unforeseen issues” Webhooks
WebhooksWhat about nexmo? Source
WebhooksWhat about nexmo? Source
Webhooks { "object_kind": "push", "commits": [{ "message": "Initial commit of foo project", "url": "https://...", ... }], "repository": { "url": "git@your.git.url/something.git", ... }, ... } Gitlab webhooks: the happy path
Webhooks What did I do? ● Found a server that was receiving gitlab webhooks ○ On the open internet ○ Was the trigger of build pipelines for multiple tenants...
Webhooks { "object_kind": "push", "commits": [{ "message": "Initial commit of foo project", "url": "https://...", ... }], "repository": { "url": "git@your.git.url/something.git", ... }, ... } Gitlab webhooks: what I did Put the tenant’s gitlab url here
Webhooks { "object_kind": "push", "commits": [{ "message": "Click here to do something! :D", "url": "javascript:alert('XSS on: ' + window.origin);", ... }], "repository": { "url": "git@your.git.url/something.git", ... }, ... } Gitlab webhooks: what I did
Webhooks What are some better ways to send webhooks? ● For crypto nerds: authenticated cipher ○ E.g. AES-GCM ○ Still symmetrical like an HMAC ○ Forces webhook consumers to decrypt, so they’ll accidentally verify the GCM tag you send them
Webhooks What are some better ways to send webhooks? ● More practical: only send high-entropy, cryptographically random event IDs ○ Webhook consumer has to fetch /items/?id=<id> with their API token ○ Plaid does roughly this
Webhooks What are some better ways to send webhooks? ● For existing webhooks: test & warn ○ During registration, do 2 test requests: ■ 1 valid MAC ■ 1 invalid MAC ○ Warn if they get the same response code
What else?
Salesforce Objects vs Dynamodb Both: ● NoSQL-like object storage ● REST APIs with custom SQL-like queries
/?q=SELECT+id+from+Foo+WHERE+name+LIKE+'...' Salesforce SOQL Inject here
Salesforce SOQL Source
POST / HTTP/1.1 { "TableName": "ProductCatalog", "KeyConditionExpression": "Price <= :p", "ExpressionAttributeValues": { ":p": {"N": "500"}, }, } Dynamodb: Better Enforced Parametrization
Closing Thoughts
From Apple after two months of silence “Developers are responsible for implementing whatever security and networking best practices make the most sense for their environment.” Apple Pay
“If you’ve built a chaos factory, you can’t dodge responsibility for the chaos.” Tim Cook, Apple CEO Closing Thoughts Source
Financial ● Low-hanging bounty fruit ● Embarrassment ● High-interest tech debt Closing Thoughts
Designing defensive APIs ● Audit your example code ● Be careful about passing around URLs ● If “Do this or you’re vulnerable!” is in your documentation, try to make the warning unnecessary Closing Thoughts
Acknowledgments ● Jonathan Ming at PKC - asked the initial questions about Apple Pay ● Arte Ebrahimi at PKC - pointed me to the Nexmo stuff ● Ken Kantzer at PKC - helped with the presentation ● Andrew Crocker at EFF - legal assistance Closing Thoughts
Thank you! www.pkc.io

Recommended

[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...
[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...
[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...CODE BLUE
 
Fluxish Angular
Fluxish AngularFluxish Angular
Fluxish AngularFilip Janevski
 
Thinkful - Intro to JavaScript
Thinkful - Intro to JavaScriptThinkful - Intro to JavaScript
Thinkful - Intro to JavaScriptTJ Stalcup
 
Flink in action
Flink in actionFlink in action
Flink in actionArtem Semenenko
 
SEMjs - Planting Seeds with Elm
SEMjs - Planting Seeds with ElmSEMjs - Planting Seeds with Elm
SEMjs - Planting Seeds with ElmMike Onslow
 
Cakephp vs. laravel
Cakephp vs. laravelCakephp vs. laravel
Cakephp vs. laravelGirnarSoft
 
PWA to React Native migration
PWA to React Native migrationPWA to React Native migration
PWA to React Native migrationOleksandr Tryshchenko
 
Intro to javascript (6:19)
Intro to javascript (6:19)Intro to javascript (6:19)
Intro to javascript (6:19)Thinkful
 

Recommended

[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...
[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...
[CB19] API-induced SSRF: How Apple Pay Scattered Vulnerabilities Across the W...CODE BLUE
 
Fluxish Angular
Fluxish AngularFluxish Angular
Fluxish AngularFilip Janevski
 
Thinkful - Intro to JavaScript
Thinkful - Intro to JavaScriptThinkful - Intro to JavaScript
Thinkful - Intro to JavaScriptTJ Stalcup
 
Flink in action
Flink in actionFlink in action
Flink in actionArtem Semenenko
 
SEMjs - Planting Seeds with Elm
SEMjs - Planting Seeds with ElmSEMjs - Planting Seeds with Elm
SEMjs - Planting Seeds with ElmMike Onslow
 
Cakephp vs. laravel
Cakephp vs. laravelCakephp vs. laravel
Cakephp vs. laravelGirnarSoft
 
PWA to React Native migration
PWA to React Native migrationPWA to React Native migration
PWA to React Native migrationOleksandr Tryshchenko
 
Intro to javascript (6:19)
Intro to javascript (6:19)Intro to javascript (6:19)
Intro to javascript (6:19)Thinkful
 
Slobodan Stojanovic - 8 1/2 things about serverless
Slobodan Stojanovic - 8 1/2 things about serverless Slobodan Stojanovic - 8 1/2 things about serverless
Slobodan Stojanovic - 8 1/2 things about serverless FDConf
 
From Legacy to Hexagonal (An Unexpected Android Journey)
From Legacy to Hexagonal (An Unexpected Android Journey)From Legacy to Hexagonal (An Unexpected Android Journey)
From Legacy to Hexagonal (An Unexpected Android Journey)Jose Manuel Pereira Garcia
 
LINQ in Visual Studio 2008
LINQ in Visual Studio 2008LINQ in Visual Studio 2008
LINQ in Visual Studio 2008ukdpe
 
Functional Reactive Programming
Functional Reactive ProgrammingFunctional Reactive Programming
Functional Reactive ProgrammingAlessandro Melchiori
 
Untangling11
Untangling11Untangling11
Untangling11Derek Jacoby
 
Brief introduction into Padding Oracle attack vector
Brief introduction into Padding Oracle attack vectorBrief introduction into Padding Oracle attack vector
Brief introduction into Padding Oracle attack vectorPayampardaz
 
GraphQL-PHP: Dos and don'ts
GraphQL-PHP: Dos and don'tsGraphQL-PHP: Dos and don'ts
GraphQL-PHP: Dos and don'tsVáclav Šír
 
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii LosIlyaDmitriev11
 
Modern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringModern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringNeil Mansilla
 
Untangling - fall2017 - week 10
Untangling - fall2017 - week 10Untangling - fall2017 - week 10
Untangling - fall2017 - week 10Derek Jacoby
 
Php Debugging from the Trenches
Php Debugging from the TrenchesPhp Debugging from the Trenches
Php Debugging from the TrenchesSimon Jones
 
Wrapping and Securing REST APIs with GraphQL
Wrapping and Securing REST APIs with GraphQLWrapping and Securing REST APIs with GraphQL
Wrapping and Securing REST APIs with GraphQLRoy Derks
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 
Mixing Plone and Django for explosive results
Mixing Plone and Django for explosive resultsMixing Plone and Django for explosive results
Mixing Plone and Django for explosive resultsSimone Deponti
 
Introducing Ghost Inspector
Introducing Ghost InspectorIntroducing Ghost Inspector
Introducing Ghost InspectorNeil Mansilla
 
Plataforma distribuída de Microserviços ou, como a Olist funciona
Plataforma distribuída de Microserviços ou, como a Olist funcionaPlataforma distribuída de Microserviços ou, como a Olist funciona
Plataforma distribuída de Microserviços ou, como a Olist funcionaOsvaldo Santana Neto
 
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018Codemotion
 
Angular js
Angular jsAngular js
Angular jsMauro Servienti
 
Building and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowBuilding and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowKaxil Naik
 
Apache Flink Adoption at Shopify
Apache Flink Adoption at ShopifyApache Flink Adoption at Shopify
Apache Flink Adoption at ShopifyYaroslav Tkachenko
 
On component interface
On component interfaceOn component interface
On component interfaceLaurence Chen
 
May 2021 Spark Testing ... or how to farm reputation on StackOverflow
May 2021 Spark Testing ... or how to farm reputation on StackOverflowMay 2021 Spark Testing ... or how to farm reputation on StackOverflow
May 2021 Spark Testing ... or how to farm reputation on StackOverflowAdam Doyle
 

More Related Content

What's hot

Slobodan Stojanovic - 8 1/2 things about serverless
Slobodan Stojanovic - 8 1/2 things about serverless Slobodan Stojanovic - 8 1/2 things about serverless
Slobodan Stojanovic - 8 1/2 things about serverless FDConf
 
From Legacy to Hexagonal (An Unexpected Android Journey)
From Legacy to Hexagonal (An Unexpected Android Journey)From Legacy to Hexagonal (An Unexpected Android Journey)
From Legacy to Hexagonal (An Unexpected Android Journey)Jose Manuel Pereira Garcia
 
LINQ in Visual Studio 2008
LINQ in Visual Studio 2008LINQ in Visual Studio 2008
LINQ in Visual Studio 2008ukdpe
 
Brief introduction into Padding Oracle attack vector
Brief introduction into Padding Oracle attack vectorBrief introduction into Padding Oracle attack vector
Brief introduction into Padding Oracle attack vectorPayampardaz
 
GraphQL-PHP: Dos and don'ts
GraphQL-PHP: Dos and don'tsGraphQL-PHP: Dos and don'ts
GraphQL-PHP: Dos and don'tsVáclav Šír
 
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii LosIlyaDmitriev11
 
Modern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringModern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringNeil Mansilla
 
Untangling - fall2017 - week 10
Untangling - fall2017 - week 10Untangling - fall2017 - week 10
Untangling - fall2017 - week 10Derek Jacoby
 
Php Debugging from the Trenches
Php Debugging from the TrenchesPhp Debugging from the Trenches
Php Debugging from the TrenchesSimon Jones
 
Wrapping and Securing REST APIs with GraphQL
Wrapping and Securing REST APIs with GraphQLWrapping and Securing REST APIs with GraphQL
Wrapping and Securing REST APIs with GraphQLRoy Derks
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 
Mixing Plone and Django for explosive results
Mixing Plone and Django for explosive resultsMixing Plone and Django for explosive results
Mixing Plone and Django for explosive resultsSimone Deponti
 
Introducing Ghost Inspector
Introducing Ghost InspectorIntroducing Ghost Inspector
Introducing Ghost InspectorNeil Mansilla
 
Plataforma distribuída de Microserviços ou, como a Olist funciona
Plataforma distribuída de Microserviços ou, como a Olist funcionaPlataforma distribuída de Microserviços ou, como a Olist funciona
Plataforma distribuída de Microserviços ou, como a Olist funcionaOsvaldo Santana Neto
 
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018Codemotion
 

What's hot (17)

Slobodan Stojanovic - 8 1/2 things about serverless
Slobodan Stojanovic - 8 1/2 things about serverless Slobodan Stojanovic - 8 1/2 things about serverless
Slobodan Stojanovic - 8 1/2 things about serverless
 
From Legacy to Hexagonal (An Unexpected Android Journey)
From Legacy to Hexagonal (An Unexpected Android Journey)From Legacy to Hexagonal (An Unexpected Android Journey)
From Legacy to Hexagonal (An Unexpected Android Journey)
 
LINQ in Visual Studio 2008
LINQ in Visual Studio 2008LINQ in Visual Studio 2008
LINQ in Visual Studio 2008
 
Functional Reactive Programming
Functional Reactive ProgrammingFunctional Reactive Programming
Functional Reactive Programming
 
Untangling11
Untangling11Untangling11
Untangling11
 
Brief introduction into Padding Oracle attack vector
Brief introduction into Padding Oracle attack vectorBrief introduction into Padding Oracle attack vector
Brief introduction into Padding Oracle attack vector
 
GraphQL-PHP: Dos and don'ts
GraphQL-PHP: Dos and don'tsGraphQL-PHP: Dos and don'ts
GraphQL-PHP: Dos and don'ts
 
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los
“Fighting with giants - GraphQL soft adoption at Revolut” by Andrii Los
 
Modern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringModern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and Monitoring
 
Untangling - fall2017 - week 10
Untangling - fall2017 - week 10Untangling - fall2017 - week 10
Untangling - fall2017 - week 10
 
Php Debugging from the Trenches
Php Debugging from the TrenchesPhp Debugging from the Trenches
Php Debugging from the Trenches
 
Wrapping and Securing REST APIs with GraphQL
Wrapping and Securing REST APIs with GraphQLWrapping and Securing REST APIs with GraphQL
Wrapping and Securing REST APIs with GraphQL
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenario
 
Mixing Plone and Django for explosive results
Mixing Plone and Django for explosive resultsMixing Plone and Django for explosive results
Mixing Plone and Django for explosive results
 
Introducing Ghost Inspector
Introducing Ghost InspectorIntroducing Ghost Inspector
Introducing Ghost Inspector
 
Plataforma distribuída de Microserviços ou, como a Olist funciona
Plataforma distribuída de Microserviços ou, como a Olist funcionaPlataforma distribuída de Microserviços ou, como a Olist funciona
Plataforma distribuída de Microserviços ou, como a Olist funciona
 
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018
Matteo Vaccari - Going Frameworkless in the Backend - Codemotion Milan 2018
 

Similar to DEF CON 27 - JOSHUA MADDUX - api induced ssrf

Building and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowBuilding and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowKaxil Naik
 
Apache Flink Adoption at Shopify
Apache Flink Adoption at ShopifyApache Flink Adoption at Shopify
Apache Flink Adoption at ShopifyYaroslav Tkachenko
 
On component interface
On component interfaceOn component interface
On component interfaceLaurence Chen
 
May 2021 Spark Testing ... or how to farm reputation on StackOverflow
May 2021 Spark Testing ... or how to farm reputation on StackOverflowMay 2021 Spark Testing ... or how to farm reputation on StackOverflow
May 2021 Spark Testing ... or how to farm reputation on StackOverflowAdam Doyle
 
React and GraphQL at Stripe
React and GraphQL at StripeReact and GraphQL at Stripe
React and GraphQL at StripeSashko Stubailo
 
Who needs containers in a serverless world
Who needs containers in a serverless worldWho needs containers in a serverless world
Who needs containers in a serverless worldMatthias Luebken
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
Has serverless adoption hit a roadblock?
Has serverless adoption hit a roadblock?Has serverless adoption hit a roadblock?
Has serverless adoption hit a roadblock?Veselin Pizurica
 
Have your Cake and Eat it Too - Architecture for Batch and Real-time processing
Have your Cake and Eat it Too - Architecture for Batch and Real-time processingHave your Cake and Eat it Too - Architecture for Batch and Real-time processing
Have your Cake and Eat it Too - Architecture for Batch and Real-time processingDataWorks Summit
 
AWS Lambda and Serverless framework: lessons learned while building a serverl...
AWS Lambda and Serverless framework: lessons learned while building a serverl...AWS Lambda and Serverless framework: lessons learned while building a serverl...
AWS Lambda and Serverless framework: lessons learned while building a serverl...Luciano Mammino
 
From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...
From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...
From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...confluent
 
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...Kaxil Naik
 
JavaOne 2015: Top Performance Patterns Deep Dive
JavaOne 2015: Top Performance Patterns Deep DiveJavaOne 2015: Top Performance Patterns Deep Dive
JavaOne 2015: Top Performance Patterns Deep DiveAndreas Grabner
 
Basic iOS Training with SWIFT - Part 4
Basic iOS Training with SWIFT - Part 4Basic iOS Training with SWIFT - Part 4
Basic iOS Training with SWIFT - Part 4Manoj Ellappan
 
Delivering Developer Tools at Scale
Delivering Developer Tools at ScaleDelivering Developer Tools at Scale
Delivering Developer Tools at ScaleOracle Developers
 
Intro To Spring Python
Intro To Spring PythonIntro To Spring Python
Intro To Spring Pythongturnquist
 
API workshop by AWS and 3scale
API workshop by AWS and 3scaleAPI workshop by AWS and 3scale
API workshop by AWS and 3scale3scale
 

Similar to DEF CON 27 - JOSHUA MADDUX - api induced ssrf (20)

Angular js
Angular jsAngular js
Angular js
 
Building and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache AirflowBuilding and deploying LLM applications with Apache Airflow
Building and deploying LLM applications with Apache Airflow
 
Apache Flink Adoption at Shopify
Apache Flink Adoption at ShopifyApache Flink Adoption at Shopify
Apache Flink Adoption at Shopify
 
On component interface
On component interfaceOn component interface
On component interface
 
May 2021 Spark Testing ... or how to farm reputation on StackOverflow
May 2021 Spark Testing ... or how to farm reputation on StackOverflowMay 2021 Spark Testing ... or how to farm reputation on StackOverflow
May 2021 Spark Testing ... or how to farm reputation on StackOverflow
 
React and GraphQL at Stripe
React and GraphQL at StripeReact and GraphQL at Stripe
React and GraphQL at Stripe
 
Who needs containers in a serverless world
Who needs containers in a serverless worldWho needs containers in a serverless world
Who needs containers in a serverless world
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
 
Has serverless adoption hit a roadblock?
Has serverless adoption hit a roadblock?Has serverless adoption hit a roadblock?
Has serverless adoption hit a roadblock?
 
Have your cake and eat it too
Have your cake and eat it tooHave your cake and eat it too
Have your cake and eat it too
 
Have your Cake and Eat it Too - Architecture for Batch and Real-time processing
Have your Cake and Eat it Too - Architecture for Batch and Real-time processingHave your Cake and Eat it Too - Architecture for Batch and Real-time processing
Have your Cake and Eat it Too - Architecture for Batch and Real-time processing
 
AWS Lambda and Serverless framework: lessons learned while building a serverl...
AWS Lambda and Serverless framework: lessons learned while building a serverl...AWS Lambda and Serverless framework: lessons learned while building a serverl...
AWS Lambda and Serverless framework: lessons learned while building a serverl...
 
From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...
From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...
From Zero to Streaming Healthcare in Production (Alexander Kouznetsov, Invita...
 
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
 
JavaOne 2015: Top Performance Patterns Deep Dive
JavaOne 2015: Top Performance Patterns Deep DiveJavaOne 2015: Top Performance Patterns Deep Dive
JavaOne 2015: Top Performance Patterns Deep Dive
 
Basic iOS Training with SWIFT - Part 4
Basic iOS Training with SWIFT - Part 4Basic iOS Training with SWIFT - Part 4
Basic iOS Training with SWIFT - Part 4
 
Delivering Developer Tools at Scale
Delivering Developer Tools at ScaleDelivering Developer Tools at Scale
Delivering Developer Tools at Scale
 
Intro To Spring Python
Intro To Spring PythonIntro To Spring Python
Intro To Spring Python
 
API workshop by AWS and 3scale
API workshop by AWS and 3scaleAPI workshop by AWS and 3scale
API workshop by AWS and 3scale
 
Google Cloud Dataflow
Google Cloud DataflowGoogle Cloud Dataflow
Google Cloud Dataflow
 

More from Felipe Prado

DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryFelipe Prado
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...Felipe Prado
 
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsDEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsFelipe Prado
 
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionDEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionFelipe Prado
 
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101Felipe Prado
 
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentDEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentFelipe Prado
 
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareDEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareFelipe Prado
 
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...Felipe Prado
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceFelipe Prado
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistFelipe Prado
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksFelipe Prado
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityFelipe Prado
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsFelipe Prado
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchFelipe Prado
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...Felipe Prado
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksFelipe Prado
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncFelipe Prado
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesFelipe Prado
 

More from Felipe Prado (20)

DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
 
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsDEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
 
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionDEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
 
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
 
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentDEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
 
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareDEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
 
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

DEF CON 27 - JOSHUA MADDUX - api induced ssrf