In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion covers how PortSwigger researches new web-attack techniques and how those techniques get field tested (hint: bug bounties). The research is kept fresh by donations gleaned from the bug bounty field tests. PortSwigger validates its research in the real world, and those advances in web-attack techniques are published and disseminated in an effort to get bugs and misconfigurations fixed.
Stick around for the Rapid Rundown, where Tod and Jen talk about the recent Fortinet advisory concerning the "silent patching" of bugs without disclosure of any real details, only to have attackers go and reverse it all anyway.
James "albinowax" Kettle is Director of Research at PortSwigger. His latest work includes browser-powered desync attacks and web-cache poisoning. James has extensive experience cultivating novel attack techniques, including RCE via Server-Side Template Injection and abusing the HTTP Host header to poison password reset emails and server-side caches. James is also the author of various popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues, including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEFCON.
Interview links
Prior Security Nation episode in which loads of PortSwigger references were dropped:
https://www.rapid7.com/blog/post/2021/08/18/security-nation-daniel-crowley/
New research from James about browser-powered desync attacks:
https://portswigger.net/research/browser-powered-desync-attacks
Rapid Rundown links
Semi-secret Fortinet advisory: <https://twitter.com/Gi7w0rm/status/1578398457227878407>
CVE Details as they come: <https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-remote-authentication-bypass-vulnerability-in-fortinet-firewalls-web-proxies/>
Existence of Fortinet CVE-2022-40684 PoC posted, but not the PoC itself: <https://twitter.com/Horizon3Attack/status/1579285863108087810>
The Hidden Harms of Silent Patches: <https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/>
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.