[WORKSHOP] 🇫🇷 - Template injection on hardened targets.
During his Black Hat 2015 presentation, James Kettle explained how template injections could lead to code execution
At the end of the talk, he recommended running application in containers with limited privileges and read-only file system.
Six years later, containers are now the standard of web-app deployment and getting code execution inside a well isolated container can be seen as low impact.
In this workshop we will explore new template injection techniques specially crafted for hardened environment.
We will focus on two environments:
- Python with Flask / Jinja2
- JavaScript with Express / Vue
- We will build our own tooling in Python to solve a series of challenges with increasing difficulty.
Other Information
Required for the workshop:
- Experience in Python/JavaScript
- Basic Docker skill