Introduction

Last year we built an example vulnerable website, as a way of demonstrating the process of exploiting some example vulnerabilities. We’ve done the demo a few times to different audiences,  most recently for one of our own teams, so we took advantage of Zoom’s recording feature.

Sections

• Part I demonstrates exploiting a Local File Inclusion vulnerability.
• Part II (33m49s) is a phishing/Cross-Site Request Forgery vulnerability.
• Part III (44m12s) is a session hijacking demo.

The Demo

Follow Up

For our latest research, and for links and comments on other research, follow our Lab on Twitter.

Alternatively, get in touch if you’d like to chat to us.