Red Team Tactics and Techniques

CRTH08 Never Break the Chain: How Attack Chaining Builds 0-Days

11/21/2024

2:30pm - 3:45pm

Level: Intermediate

Erica Burgess

Cybersecurity and AI Architect

Tyler Technologies

Discuss trending vulnerabilities related to real-world business logic, and how defenders can avoid them by thinking like an attacker. Topics include advanced security issues, such as supply chain attacks, 3rd party vulnerabilities, dependency confusion, attack chaining, broken access control, command injection, custom 0-days made with AI, and how generative AI has changed the speed and accuracy of an attacker's next move.

You will learn:

  • How attack chaining works in web application hacking, and how low severity vulnerabilities chained together create severe exploits, especially when combined with generative AI (defense and offense using Azure OpenAI API).
  • What different job roles can do to help prevent the most severe attacks.
  • Remediations for each of the presented real-world examples of original exploits.