Exploiting Client-Side Node.js with Moses Hernandez - Paul's Security Weekly #516
Paul's Security Weekly (Video) · Security Weekly Productions
Audio is streamed directly from the publisher (dts.podtrac.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
I know what you're thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And its not always updated to the latest version. And, its vulnerable to attacks! Moses Hernandez is a Consulting Systems Engineer for Cisco Systems and an Instructor for pen testing courses at the SANS Institute. Moses shows us how to find Node.js on a system, locate the different versions, and exploit to bypass UAC!
Full Show Notes: https://wiki.securityweekly.com/Episode516
Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg
Security Weekly Website: http://securityweekly.com
Follow us on Twitter: @securityweekly