July 7th, 2020
SafeBreach researchers will be presenting two sessions at Black Hat 2020:
- New Microsoft Windows vulnerability on Print Spooler – one of three Stuxnet vulnerabilities
- Four new attack variants of HTTP Request Smuggling
Sunnyvale, California — July 7th, 2020. SafeBreach, provider of the leading breach-and-attack simulation (BAS) platform to validate security controls, visualize security risk and prioritize remediations, today announced its experts will present novel insights on the Stuxnet printer spool vulnerability and an update on HTTP Request Smuggling with four new attack variants at the Black Hat USA 2020 virtual event from August 1 – 6. One of the premier cybersecurity events in the world, the annual Black Hat USA Conference gathers the smartest researchers and hackers to demonstrate new exploits, cover trends, and discuss cybersecurity policy issues.
Black Hat 2020 Sessions Featuring SafeBreach Labs’ Research:
SafeBreach’s VP of Security Research Amit Klein will present “HTTP Request Smuggling in 2020 – New Variants, New Defenses and New Challenges” on the AppSec and Network Security topic track on August 5th at 10am PT. The talk will demonstrate four new HTTP Request Smuggling attack variants that work against COTS, popular, present-day web servers and HTTP proxy servers, and discuss the shortcomings of existing free, open-source solutions for HTTP Request Smuggling.
SafeBreach Labs Security Researcher Peleg Hadar and Research Team Leader Tomer Bar will present “A Decade After Stuxnet’s Printer Vulnerability: Printing is Still the Stairway to Heaven” in the Cloud & Platform Security and Exploit Development topic track on August 6th at 11am PT. The talk will analyze two past Stuxnet vulnerabilities and how they were partially patched (even multiple times) and provide a live demo of two 0-day vulnerabilities discovered in the Windows Print Spooler, which was the third disclosed Stuxnet vulnerability and was thought to be patched.
The researchers will also present at the DEF CON® Conference.
About SafeBreach: SafeBreach is the world’s most widely used breach-and-attack-simulation platform. The company’s patented platform provides a near real-time “hacker’s view” of an enterprise’s security posture to proactively predict attacks, validate security controls, and improve security operations center (SOC) analyst response capabilities. SafeBreach automatically and safely executes thousands of breach methods validating network, endpoint, cloud, and email security controls by leveraging its extensive and growing Hacker’s Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, OCV Partners, DNX Ventures, Hewlett Packard Pathfinder, PayPal and investor Shlomo Kramer. For more information, visit www.safebreach.com or follow us on Twitter @SafeBreach.