Kai Ullrich has been working in IT security for almost 25 years. For the past six years, he has been working as a penetration tester and security researcher. During this time, he found numerous 0-day vulnerabilities in well-known products. He currently works as a freelance cybersecurity consultant, helping his clients organically increase the security level of their organizations.
04.04.2023
LOCATION: Zürich
KEYWORDS: Security, Lessons learned, Methods, Research
AGENDA: 18:15-19:30h: Talk incl. Q/A. Afterwards you are invited to a refreshment.
SPEAKER: Kai Ullrich
COMPANY: Freelance Cybersecurity Consultant
SLIDES: 230404_Offensive_Security.pdf
Most people remember the Log4Shell shockwaves, but did you know that the underlying problem had been well known since 2016 and that it also plays a central role in other vulnerabilities? Did you know that XSL transformation can be extremely dangerous? Can you imagine how model binding in Spring MVC was perfidiously exploited to write malicious code onto the target machine in April 2022?
Dive into the world of Java vulnerabilities and their exploitation for an hour and expand your horizons with things that could make the difference between secure and insecure in your next project.
LANGUAGE: Talk: en / Slides: en
JUG Switzerland aims at promoting the application of Java technology in Switzerland.
JUG Switzerland facilitates the sharing of experience and information among its members. This is accomplished through workshops, seminars and conferences. JUG Switzerland supports and encourages the cooperation between commercial organizations and research institutions.
JUG Switzerland is funded through membership fees.