Red teaming with an underhyped SSRF: case study and new tool release

Explore a real-world red teaming case study where an unpatched Microsoft Exchange vulnerability was leveraged to pivot across a company's infrastructure, showcasing an innovative approach to exploiting underutilized attack vectors.

This talk delves into how our team combined this entry vector with a custom .NET ViewState deserialization technique to compromise a core banking system. We will unveil the proprietary tool we developed, enabling the community to replicate and enhance these methods for advanced red teaming scenarios.