Discuss trending vulnerabilities in which "bolt-on" AI wrappers on old systems caused credential leaks, and how to find and defend against the vulnerabilities seen in other real-world red team and pen test engagements, including advanced security topics like SQL injection, attack chaining, CSRF and command injection. Learn how to think like a hacker to help break the attack chain before the first link is formed.
You will learn:
- How to reproduce the traversal chain used to harvest back-end artifacts in the presenter's original real-world exploits, and what different job roles across an organization can do for attack mitigation
- How to map distinct vulnerabilities into a coherent kill chain, prioritize chaining opportunities with the highest business impact, and draft a red-team checklist and a blue-team break-chain playbook for continuous defense
- How attack chaining works in web application hacking, and how low-severity vulnerabilities chained together create severe exploits, especially when combined with generative AI tool orchestration (defense and offense using the Azure OpenAI API)